Incoming Suffolk County Executive Ed Romaine plans to strengthen the county’s cybersecurity infrastructure in a way that will protect its sprawling computer network from cyberattacks for the first time, according to recent communications.
In a Nov. 27 letter to Suffolk County’s current chief information security officer, Romaine asked for answers to a series of questions about Suffolk County’s cybersecurity readiness and called Suffolk State “New York State.” The goal is to make the county “the safest county in the world,” he said.
“The most important of these goals is to obtain Suffolk County cyber insurance as soon as possible,” Romaine wrote, according to a letter obtained by Newsday.
Newsday reported that Suffolk County tried to purchase cyber insurance but was deemed ineligible because it lacked basic protections such as a chief information security officer (CISO) and multi-factor authentication, which verifies the identity of users on the network using means external to the network.
“What are they doing? [insurers] Insuring requires the necessary level of protection, advanced systems, hardware and best practices that clearly have not been adopted here,” County Executive Steve Bellone told Newsday in February.
Suffolk County then hired CISO Kenneth Brancik and implemented multi-factor authentication and a series of other upgrades. Suffolk County spokeswoman Mary-Kate Guilfoyle said Brancik told her he had not yet received the letter from Romaine, but Romaine’s spokesperson Michael Martino said it had been emailed to him last week.
“I look forward to Congress adopting the bill we proposed to give CISOs the authority to strengthen cybersecurity across their networks,” Guilfoyle said in a statement. “It’s necessary.”
Newsday reported last week that Suffolk’s multi-factor authentication vendor, Okta, which was introduced last year at an estimated cost of $800,000, was itself the victim of a breach that potentially compromised certain customer data.
Among Romaine’s long list of demands from Brancik was a “full audit of the state” of Suffolk’s technology, for both security and operational purposes.
A review of Suffolk’s internal technology infrastructure recommended appointing a chief information security officer at least four years ago, but on September 8, 2022, a ransomware attack caused widespread damage to the county’s network. Suffolk only filled the role earlier this year, after the incident. Brancik was hired after a months-long search conducted with the help of consultant and lobbyist Michael Balboni, Newsday reported.
Romaine asked Brancik if the county has an incident response plan in place and if it has been updated after the breach. He also asked whether the county had conducted security awareness training and whether there had been any third-party audits of the county’s technology since the 2022 attacks.
Additionally, Romaine asked whether the county recently contracted for third-party penetration testing to determine whether new systems installed at an estimated cost of up to $17 million are protecting the network.
Some of Romaine’s questions may be answered by a report being prepared by a Suffolk County council committee investigating the 2022 cyber attacks. Committee Chairman Anthony A. Piccirillo (R-Holtsville) said the report will likely be released early next year.