CLOSE
Tags Posts tagged with "cyberattack"

cyberattack

by -
0 141
A special election for Brookhaven Town Clerk will take place Tuesday, Jan. 17. Above, Kevin LaValle (left) and Lisa Di Santo, respective nominees for the Republican and Democratic parties. Photos by Raymond Janis

Early voting is underway for the next Brookhaven town clerk, and the two major party candidates are making their pitch to the voters.

Former Town Clerk Donna Lent (I) retired in November, triggering a special election for her unexpired term ending in 2025. Town of Brookhaven Councilman Kevin LaValle (R-Selden) and community advocate Lisa Di Santo, the Democratic Party nominee, will square off at the polls Tuesday, Jan. 17.

During a joint meeting of the Selden and Centereach civic associations Thursday, Jan. 5, the two candidates were questioned on a range of topics related to the operations of the Town Clerk’s Office. Civic members generated some of the questions with others fielded from the audience.

Introductions

Di Santo is a former social studies teacher who taught students about participation in government. She also served as a trustee of the South Country school board in East Patchogue, where she lives. 

“I have always participated in government, and I feel that I can be an independent voice of reason in the Town Clerk’s Office,” she said. “We have many of the same people filling many of the same positions over and over again. … That leads to a bit of stagnation, and I think it’s time for a fresh set of ideas, a fresh set of eyes, on what’s happening in the Town Clerk’s Office.”

Before entering government, LaValle owned a title agency. He then received a loan mortgage originator’s license and has worked in mortgage banking ever since. The councilman worked on the staff of former Suffolk County Legislators Dan Losquadro (R) and Tom Muratore (R). He was elected to serve Brookhaven’s 3rd Council District in 2013 in an area which includes Lake Grove, Centereach, Selden and parts of Lake Ronkonkoma, Farmingville, Port Jeff Station and a piece of Holbrook. 

 “I think I’ve accomplished a great deal as councilman, but I come before you now, again, to say that as town clerk, I am going to bring a new energy,” he said. “I am going to bring a new work ethic to the Town Clerk’s Office that has not been seen before.”

Duties of town clerk

Both candidates were asked about the function of the town clerk. For Di Santo, the clerk must ensure the accurate recording of Town Board meetings and the efficient filing of legal records, among other tasks. She emphasized the significance of the Freedom of Information Law request process.

“One of the most important things has to do with [being] the appeals officer for FOIL requests that come to the town,” she said. “People who live here and pay taxes should be able to access that information.”

The Democratic candidate also said the incoming clerk must assess and modernize the existing technology in the office. “I have spoken with some people who work in the Town Clerk’s Office and told me that their technology is at least 10 years out of date,” she said. “That is something that is certainly personally scary to me.”

LaValle viewed the clerk’s role as threefold, that is to “secure, maintain and distribute vital records of the residents of the Town of Brookhaven.” He referred to the office as a “vital hub,” servicing residents in the best and worst times.

“I believe the efficiency could be improved in the Town Clerk’s Office,” he said. “Cybersecurity, I think that’s something we can take to another level.”

He viewed the clerk as a service provider rather than a policymaker or revenue generator, noting that empowering and providing the staff with the necessary resources will be critical. “As the clerk, the focus will be about making sure the staff has the tools to be able to do their job,” he said.

Cybersecurity

Addressing the September ransomware attack against the Suffolk County government, LaValle assessed shortcomings within the county’s IT network. He described the need for coordination between departments, recommending the town continues its transition to cloud technologies to avert a similar scenario.

“The cloud is probably the best security that you can have, but we have to stay vigilant and make sure we’re looking at new technologies as we move along to make sure our information stays secure,” the councilman said.

Di Santo concurred that replacing outdated technology will be a priority. She stressed the need to properly oversee the transition to new platforms and work out any technical or logistic challenges that may arise.

“When you have new technology, one of the things that is crucial is to make certain that the staff is comfortable with that technology, that they’re fully trained so that they are able to use that to the best of their ability,” she said.

Staffing

After conversations with staff members, Di Santo painted a bleak picture of the current situation within the Town Clerk’s Office. “The office is actually understaffed,” she said. “Morale is really not very good in the office. You have a lot of turnover, so it’s very difficult to have the best customer service when you have staff changing and needing to be retrained.”

She reiterated that “a fresh set of eyes” from somebody outside government will help identify areas for improvement and generate potential solutions.

LaValle said he would prefer close collaboration with the Town Board, analyzing any barriers to efficient staff operations. He then stated a desire to fund personnel better.

“I want to be able to go in, take a real good look at what is going on in the office,” he said. “Do we need more employees? Should we pay our employees more?”

He also advanced the need to offer a vision the staff can get behind. “We have to work with the employees and build a team concept,” he said. “I want to make this the best clerk’s office in New York state. Without our employees buying into my leadership and what I want to do, that’s not going to happen.”

Resident access

Both candidates addressed the need to decentralize the office, to move services out of Town Hall and into the various hamlets and villages throughout the township. LaValle introduced a multipronged approach, including attending community meetings and building a more prominent multimedia presence.

“I want to be a town clerk going out to various functions,” he said. “A lot of people here see me in a lot of different events. That’s something I’m going to continue to do because I think the outreach of going out to the public and showing them what the clerk’s office does … is fundamentally important.”

He added, “I want to be able to go out and bring back some transparency — new social media platforms, doing videos on Channel 18 talking about what we can do to help residents.”

Di Santo said she has heard from multiple residents that resident access to public records can be slow. She again centered on requests for public information.

“The town clerk is the final appeals officer for the FOIL law,” she said. “In some cases, those requests get bounced from one department to another and the clock seems to run out.”

She added, “People who are residents, our taxpayers, are asking for information from their town, and in many cases it seems that it is being stonewalled. The town clerk has a responsibility to provide that information.”

Open government

Candidates were asked what the term “open government” means and how they would bring town government closer to the people.

“Open government means giving everyone the opportunity to participate at their fullest,” Di Santo said. “I would, as town clerk, try to appeal to the Town Board members to make many of the meetings much more accessible to the many people in the town who work.”

She also proposed bringing the operations of the Town Clerk’s Office to local libraries and other community forums. “The town clerk [could] go into each and every one of those council districts several times a year, appear at the senior centers and the local libraries to have discussions with people,” she said.

Like Di Santo, LaValle stressed he would maintain an active community presence if elected. “I want to go out, I want to be at senior centers, I want to be at civic meetings, I want to be in chambers of commerce, talking about what the clerk’s office does,” he said. “You have to get out there. You have to be a part of the community.”

Brookhaven residents will decide on these two candidates this Tuesday, Jan. 17. Polls open from 6 a.m. to 9 p.m., and residents can report to their regular polling place on Election Day.

by -
0 319
Pixabay photo

The recent ransomware attack against the Suffolk County government has sparked questions regarding our relationship with technology. 

We often take for granted the convenience offered by our devices. Today, we can communicate at lightning speed thanks to email and text messaging. A week’s supply of groceries is just a few clicks away. And many can carry out a full day of work without leaving their homes. 

The digital revolution has permeated nearly every facet of our lives, finding the quickest, simplest, most convenient solutions to almost all of our daily problems. But are there consequences to our increasingly digital way of life? If the Suffolk County cyberattack has taught us anything, the answer is an emphatic “yes.”

While our county officials work through the ransomware situation, we must take a closer look at our technologies at home. What kind of sensitive records are stored within our smartphones and personal computers? How much could someone with access to these devices learn about us?

While most give very little thought to these matters, we must take a greater interest in our personal cybersecurity. If hackers can infiltrate the county’s network, crippling the government’s entire system for over a month, they can invade your home computer, too.

The digitization of all records is not the answer to our problems. Our social security cards and birth certificates are safer in the filing cabinet than on our computers. If we refrain from uploading these sensitive records to our devices, we deny hackers the chance to use them against us.

To protect oneself against ransomware, the Cybersecurity & Infrastructure Security Agency, an operational component of the U.S. Department of Homeland Security, recommends installing antivirus software, firewalls and email filters. CISA also advises upgrading all applications and operating systems, as outdated programs are frequent targets for ransomware.

Users can defend themselves, too, by verifying email senders and cautiously approaching all email attachments. One should only use a single card for all online purchases to prevent access to multiple financial accounts. Most importantly, people should stay current on cybercrime trends to remain ahead of the curve.

Remember that hackers cannot access records we do not upload. With caution and common sense, we can better protect ourselves from the growing threat of ransomware and other malicious activities online.

by -
0 306
Pixabay photo

The recent ransomware attack against the Suffolk County government has raised important questions about the relationship between citizens, governments and technologies.

A confirmed ransomware event took place in early September. The hack crippled the county’s information technology infrastructure, and recovery efforts remain ongoing. 

In the wake of these events, the hack prompted critics to question the digitization of sensitive information and how governments can better secure their IT networks.

What is ransomware?

Nick Nikiforakis is an associate professor in the Department of Computer Science at Stony Brook University. His research focuses on web security and privacy. In an interview, he described how ransomware works.

“Ransomware is, effectively, malicious software that infiltrates a machine, starts encrypting all sorts of private documents, spreadsheets, anything that is of value, and then leaks out to the attacker the encryption key and potentially the data that was encrypted,” he said. 

Some forms of ransomware affect only a single machine, according to Nikiforakis. Other strains may spread into several devices, potentially infecting an entire network.

Ransomware is the confirmed vector of attack for Suffolk County. However, how hackers first entered the county’s system is unknown to the public. 

While the details of the county hack are scanty, Nikiforakis said cyberattackers commonly use emails with malicious attachments. In other instances, they can locate vulnerable software within a network, exploit that weakness and breach that system. Once hackers gain access to the system, they hold sensitive information for ransom. 

“The original idea behind ransomware is that if you don’t pay the attacker the money that they ask, then you lose access to your data,” Nikiforakis said. 

Backup software was developed, in part, to mitigate this concern. Regardless, as technologies have evolved, so has cybercrime. 

“Even if you have the ability to restore your data from backups, now you have to deal with the attacker having access to your data and threatening you with making that data public, which is what’s happening in this case,” Nikiforakis said.

Based on the information available, Nikiforakis said the attackers likely gained access to speeding tickets and various titles, among other sensitive materials. “This is definitely a cause for concern, and that is why, in certain cases, people decide to pay, to avoid this blowback that will come from the data being made publicly available.”

A question of payment

Ransomware raises an ethical dilemma for government officials, namely whether to use public funds to pay a ransom.

“People can take a philosophical approach and say, ‘We don’t negotiate with terrorists,’ and I understand that,” Nikiforakis said, “But then the rational thing for the attacker to do is to make that data available to the public. Because if he doesn’t, then the next victim will also not pay him.” 

The profitability of the ransomware operation depends upon the victim trusting that the criminals will comply with the conditions of the transaction. The ransomware business model would fail if cyberattackers generally went against their word.

For this reason, Nikiforakis said payment and compliance could sometimes be in the interests of both parties. 

“I think it’s a very rational decision to say, ‘Let’s pay and accept this as a financial loss and let’s make sure that this doesn’t happen again,’” he said.

In Suffolk County, however, putting this theoretical framework into action is more complicated. Responsibility for paying ransomware payments would be vested in the Office of the Comptroller, which oversees the county’s finances. 

During an election interview last month with county Comptroller John Kennedy Jr. (R), he hinted that compromising with cybercriminals is off the table.

“There is no predicate in the charter, in the New York State County Law, in the Suffolk County code, to take taxpayer money and give it to a criminal,” he said.

‘Technology is moving so quickly that it is incredibly challenging for government to keep up.’ 

— Sarah Anker

The effect on the county’s government operations

The ransomware attack has also aggravated concerns over securing the county’s IT apparatus. Kennedy likened the problem to a fire code, saying fire codes often include provisions for masonry walls and other buffers that reduce the spread of a fire.

“If a fire starts, it doesn’t take down the whole complex. It stops at the masonry wall,” he said. “Our system was not configured with those hard breaks, other than some separation of function out in Riverhead in the County Clerk’s Office.” 

Suffolk County Legislator Sarah Anker (D-Mount Sinai), whose office was attacked by ransomware in 2017, has advocated for serious IT reform for some time. She followed the county’s technology closely and expressed frustration over how the initial attack occurred.

“I could tell, and I could feel, that there needed to be more done,” she said. “It has hampered the government, it has affected our constituents. Maybe it could have been worse, but it should have never happened.”

Suffolk County Sheriff Errol Toulon Jr. (D) explained his office’s many challenges since the hack. Though communications systems are slowly returning online, the initial attack disrupted both external and internal communications within the Sheriff’s Office.

“From a jail and police perspective, it really hindered us in the beginning,” he said. “Emails that we received from other law enforcement agencies or any communication with our community was stopped for a significant amount of time.”

New York State’s Division of Homeland Security and Emergency assisted the Sheriff’s Office as Toulon’s staff worked without an operational communication network. Because of this coordination, Toulon maintained that the functions of the jails were more or less appropriately executed.

“We wanted to make sure that any individual that was supposed to be released from our custody was released on time,” the county sheriff said. “No one was incarcerated longer than they had to be.” 

Preparing for the future

Toulon suggested the existing IT network is too centralized and interconnected. To prevent future failure of the entire network, he proposed creating separate silos for each department.

“I feel that the District Attorney’s Office, the Sheriff’s Office, the [County] Clerk’s Office and the Comptroller’s Office should be totally separate from the County Executive’s Office,” Toulon said, “So if, god forbid, this were to happen again in the future, we wouldn’t be directly impacted like everyone else.”

Anker said she and a newly formed panel of county legislators are beginning to explore ways to harden the network and apply strategies that work elsewhere.

“As we move forward, we need to see what the other municipalities and corporations are doing,” she said. “What types of programs and software do they have that prevent these attacks?”

The rate of software development, according to Anker, is outpacing the ability of governments to respond effectively. While IT departments must remain ahead of the cybercriminals to keep their digital infrastructure safe, staying out front is easier said than done.

“Technology is moving so quickly that it is incredibly challenging for government to keep up,” she said. “I would like to see more accountability in all respects and from everyone as we move forward with new technology.”

While the recent cyberattack focuses on the government, Anker believes ordinary citizens are also at risk from hostile online actors. The county legislator contended more work should be done to alert community members of these dangers.

“Not enough is being done regarding community outreach,” she said. “There needs to be more education on preventing an attack even on your home computer.”

Nikiforakis proposed that greater attention be given to digitizing personal records. According to him, those records in the wrong hands could unleash great harm. 

“Ransomware was a big game-changer for attackers because it allows them to monetize data that would not be traditionally monetizable,” he said. “Through ransomware, suddenly everything that is of value can be monetized.”

The SBU associate professor supports software upgrades, cybersecurity protocols and other measures that protect against ransomware. But, he said, a broader conversation needs to take place about the nature of digitization and whether individuals and governments should store sensitive files online.

“More and more things that didn’t used to be online are suddenly available online,” he said. “We have to reassess the eagerness with which we put everything online and see whether the convenience that we get out of these systems being online is a good return on investment, given the risks.”

by -
0 1031
Commack HIgh School. Photo from Google Maps

On Tuesday, Nov. 8, the Commack School District experienced a network outage,  according to a press release from the district.

It was determined by the district’s network engineers that this service disruption is a result of a ransomware virus.

“At this time, we have contacted federal, state and local authorities, including Homeland Security, and we are working closely with our cyber Insurance carrier.,” the statement read. “Ransomware such as this is a criminal act, and an investigation is currently underway.  There is no evidence at this time that any student or staff information has been accessed.”

The district will continue to work with law enforcement agencies and its team to resolve the issue.

TBR News Media is your local news and entertainment website.
We provide you with the latest breaking news and information for your community.
Contact us: [email protected]

Most Viewed

©