Tags Posts tagged with "cybersecurity"

cybersecurity

Smithtown town clerk candidates Tom McCarthy, left, and Bill Holst debate the issues facing the office. Photos by Raymond Janis

Former Smithtown Town Clerk Vincent Puleo (R) got a promotion last November when county voters elected him as Suffolk County clerk after 16 years in the Smithtown Town Clerk’s Office.

The vacancy Puleo left behind in January has remained unfilled ever since. Now, for the first time in nearly two decades, town residents will choose his successor.

Stepping forward for the role are Bill Holst (D) and Tom McCarthy (R). McCarthy is not the same person as incumbent town Councilman Thomas J. McCarthy (R).

Holst has served in various public service roles throughout his professional career. He was an assistant town attorney in Smithtown and Central Islip. He was appointed as Suffolk County clerk by former Gov. Mario Cuomo (D) until losing that post in an election against then-county Legislator Ed Romaine (R).

“By and large, I enjoy public service,” Holst said. “I think there’s an opportunity, since the town clerk’s position has been vacant since January, to improve the dialogue” within town government.

McCarthy hails from the security sector, where he worked in various management roles and specialized in investigations, executive protection and security aberrations.

“It’s not about politics. It’s about service,” he said. “I was responsible for all aspects of managing a multimillion-dollar profit center in addition to overseeing all the security operations. I have skill sets in administration, finance, operations, client services and HR,” adding that he intends to leverage this private-sector background for Smithtown residents.

Role of the clerk

In outlining what he views as the principal responsibilities of the town clerk, McCarthy referred to the position as “a forward-facing client service office” that also serves as secretary to the Town Board.

“We provide licenses that protect people, property and the environment,” he said. “The town clerk provides permits for people to make a living lawfully. We touch people’s lives at very tender moments — birth, marriage.”

He emphasized that the town clerk is not a policymaker but a service provider. “What it’s about is transparency, security of the records and providing those services to our people,” McCarthy said.

Holst referred to the clerk’s office as “the gateway to the town.” He emphasized that the position has been vacant since January, with the deputy clerks having kept the office running since that time.

“I think that if the people in the existing office can run the office without anyone being appointed, then the person who is running should be able to justify what they’re bringing,” he said. “I’m bringing years of experience as an assistant town attorney, a county attorney and the chief legal officer of the City of Long Beach, where I was involved with things like land use.”

While the clerk may fall outside the political functions overseen by the Town Board, Holst said the clerk’s role is to “make them reach higher on behalf of the taxpayers.”

Cybersecurity

In light of last year’s cyberattack against the Suffolk County government, a ransomware event crippling the county government’s IT infrastructure for months and compromising residents’ sensitive information, both candidates were asked how they would fortify the town’s network, keeping sensitive records safe.

Holst said overseeing the system’s passwords would be a necessary deterrent while coordinating closely with town IT personnel. “I think that in terms of the security matters, it all has to be done with the town’s IT department,” he said.

McCarthy cited deterrence, detection and response as the “three pillars of cybersecurity.” He noted that the human element is generally the weakest link within any cybersecurity program.

“The biggest part is training and enabling your people, creating an environment where they can be excellent,” he said.

Resident access

As a service provider within town government, the clerk frequently interacts with constituents. McCarthy touted the accessibility of the office as it stands today.

“We want the experience to be welcoming,” the Republican candidate said. “We want 100 percent customer satisfaction. You can do that by providing an environment where your team can reach excellence, and they can produce and provide a service to the public.”

Holst contended that the real value of the clerk’s position comes from maximizing its service functions as outlined under the code. “Even with Freedom of Information Act [requests] … the Town Code talks about how documents can be made through the Town Clerk’s Office,” he indicated.

Staffing

Currently, there are two appointed deputy clerk positions within the office, with the others being civil service positions. When asked for the principles that would guide personnel matters, Holst said his past experience working alongside civil service officials would be an asset.

“I had a lot of dealings with labor issues, and I definitely respect anyone who’s in the civil service,” he said.

McCarthy said his private-sector background has guided his approach to personnel hires. He emphasized finding staff who are enthusiastic about providing a service and adding value to others.

“One of the things you want is someone who enjoys people, has the personality and the intelligence to learn and a dedication to do customer service,” he said. “Those are the skills you look for.”

Open government

When asked how they would promote open government within the office and bring residents closer to town government, McCarthy emphasized the value of transparency. “From the outside looking in, I see a functional office,” he said. “If you just get on the website, you can get just about any information you want.” He also promoted maintaining an open-door policy.

Holst said the clerk could advocate for promoting the Public Officers and Open Meetings laws. “I don’t think the Open Meetings law is being followed,” he said. “Although I can’t force [the Town Board] to do something, I can certainly raise the issue.”

Smithtown voters will choose one of these two candidates on Tuesday, Nov. 7.

Moderator Chanteé Lans questions businessman Dave Calone, left photo, and Town of Brookhaven Supervisor Ed Romaine, right photo, on senior issues during a candidate forum Tuesday, Oct. 10, at Stony Brook University. Photos by Raymond Janis

Candidates for Suffolk County executive went before the public Tuesday evening, Oct. 10, tackling various matters related to the county’s aging population and other topics.

Held at Stony Brook University’s Charles B. Wang Center and hosted by AARP-NY, Town of Brookhaven Supervisor Ed Romaine (R) and businessman Dave Calone (D) fielded questions mainly on how they would assist seniors if elected next month to the county’s highest post.

Chanteé Lans, Long Island correspondent for WABC-TV, moderated the candidate forum, asking questions posed by AARP members.

Calone is a former federal prosecutor with private-sector experience assisting start-ups on Long Island and nationwide. “I believe that we need new ideas, new vision and, quite frankly, new leaders to bring us into the next decade,” he said.

Before assuming the role of town supervisor, Romaine served as Suffolk County clerk and county legislator. He staked his platform for county executive upon his experience in public life.

“I’m coming to change county government for the better,” he said. “I’m coming to build a budget that’s honest, transparent and that deals with situations.”

Housing

Suffolk County residents are increasingly being priced out, from young adults to seniors entering retirement, with many opting to leave the region in favor of a cheaper cost of living elsewhere.

Romaine emphasized the need to construct new housing units to ameliorate these challenges. He pledged to use the county executive’s office to encourage federal subsidization for senior housing.

“Long Island has been shortchanged in so many ways,” he said. “I intend to be a very strong voice to advocate for Section 202/8 housing so we can have senior housing for those who can least afford it.”

Calone described housing scarcity in Suffolk as the number one issue among many residents, exacerbated further by a lack of affordability. He noted that the problem has compound effects on the small business sector, which often needs more workers who cannot afford to live in the county.

“I would appoint a county chief housing officer to work with our towns and villages to identify where we already have the infrastructure we need to be able to build housing immediately,” Calone said.

Cybersecurity

Calone said the county government must ensure it has the proper cybersecurity protections, such as cyber insurance. He supported having a cybersecurity officer oversee the county’s information technology systems.

“When it comes to individuals, we need to make sure that we take those learnings and use them to help individuals understand when they’re at risk,” he said.

Romaine said introducing cybersecurity insurance, placing the county’s data center in the cloud and conducting periodic penetration tests would be necessary to enhance cybersecurity within the county government.

“I’d have a better system than we have in the county now,” he noted.

Aging in place

To assist seniors with difficulties aging in place, Romaine proposed sweeping repeals to “regressive taxes” on home necessities.

“We tax your LIPA bill, we tax your heating fuel, we tax your natural gas, we tax your propane,” he said. “We are one of the few counties in the state that does that. I am making a commitment to repeal those taxes.”

Calone said that roadway safety would be a critical matter to support seniors. To allow for aging in place, he advocated for incentives for developers to promote senior accessibility at homes. “There are simple things we can do at the outset — when things are being built — to make sure that we have aging in place,” he said.

County voters will decide on these two candidates in under a month. Election Day is Tuesday, Nov. 7.

Pixabay photo

Internet fraud, a worsening cybercrime phenomenon, has reached downtown Port Jefferson.

Through various tactics, online scam artists have successfully targeted storefronts and events throughout Port Jefferson, scoring hundreds of dollars in profits. 

During the 4th annual ice festival in late January, scammers sold eight fake tickets for a mac ‘n’ cheese crawl organized by the Greater Port Jefferson Chamber of Commerce. On the day of the event, victims presented their fraudulent tickets.

The tickets “looked very official,” said Barbara Ransome, the chamber’s director of operations. However, when chamber staff asked those presenting these scam tickets when they had purchased them, their response revealed that something was out of place.

“They said, ‘We got them two days ago,’ and that’s when I realized this was a scam because we had been sold out … for at least a week and a half,” Ransome said, adding that the popularity of the event created an opening for scam artists. “My speculation is that this person saw that these tickets were sold out, saw that people were looking for them and created this whole fraud situation.”

At Theatre Three on Main, a similar practice has gained traction. Although the theater sells tickets at $35 per seat, online ticket scammers have capitalized by selling back-row seats at enormous markups. 

Douglas Quattrock, the theater’s director of development and artistic associate, reported one such incident where a couple spent nearly 10 times the going rate. “We had a couple that paid $672 for a pair of tickets,” he said.

Although only “a handful” of theatergoers have fallen prey to these ticket scams at Theatre Three, Quattrock considered the practice disruptive to operations.

“Being a smaller not-for-profit, we try to keep our prices very family oriented,” he said. However, he added that “scammers see this market as very attractive.”

But online scams are not limited to ticket sales. Jena Turner owns the Port Jeff-based gift shop Breathe, which offers nontraditional healing remedies and psychic readings. 

In an interview, Turner reported that multiple phony social media accounts have emerged, using her photos and business name to solicit payments from unsuspecting patrons. 

“Right now, I know that there are five accounts that stole my photos and are pretending to be me,” she said. 

Social engineering

“There are standard social engineering tactics, such as giving the victim a sense of urgency or taking advantage of their appeal to authority.”

— Nick Nikiforakis

Nick Nikiforakis, associate professor in the Department of Computer Science at Stony Brook University, said internet fraud is becoming a growing concern for small business sectors, which are increasingly vulnerable to malicious cyber activities. 

He contends that online criminals have shifted their sights on smaller boutique organizations because large corporations are investing more resources into cybersecurity systems. 

“Effectively, you have cybercriminals who are customizing their attacks toward small businesses,” he said. 

Turner’s case, according to Nikiforakis, represents a common social engineering scenario.

A social engineer “makes an online account for a company with a brick-and-mortar presence and then tries to take the recognizable name and the good faith that the business has built,” the associate professor said. 

He added, “They are targeting online users, pretending to be the person running this business,” tricking their victims “to send them money, divulge information or in some way get people to participate in a scam.”

A downtown dilemma

Turner said she has reported her digital imposters but has received no relief in removing these scam accounts from the Instagram platform. 

“I had reported it to Instagram several times — and by several, I can say probably more than 20,” she said. “Instagram hasn’t done anything about it.”

Nikiforakis noted that there are considerable technical limitations for social media companies in policing social engineering activities. While they could theoretically verify with storefront owners whenever a platform is created in their name, online scammers often find creative ways to circumvent such safeguards.

“Things can be done, but this is inherently a cat-and-mouse game,” he said. Social engineers “are not attacking a security vulnerability. … They are abusing people’s faith and trust in institutions and recognizable brands.”

Lacking assistance from Big Tech, Turner said she took matters into her own hands, creating a video in which she wrote out her authentic social media handle by hand.

“I made that video, and I just keep reposting it on my story and on my Facebook so that people aren’t falling for it,” she said. “That’s been really helpful.”

But, she added, “We have over 8,000 followers, so not everyone has seen the video. Unfortunately, the scam is still ongoing.”

To respond to the number of ticket scam incidents, Theatre Three similarly released a statement on its website condemning third-party ticket vendors. “The only place to buy tickets from us should be www.theatrethree.com,” Quattrock said.

Still, he encouraged patrons to remain on guard for potentially inflated ticket prices and to approach online transactions cautiously. 

For those who may suspect a ticketing scam, he implored them to call the theater directly before completing the transaction.

“If it looks suspicious to you, just call the theater and verify that they’re on the right website,” he said.

As online fraud persists throughout the local area, businesses and customers are not without recourse. Nikiforakis indicates that awareness of the typical social engineering strategies can help users protect themselves from participating in online scams.

“There are standard social engineering tactics, such as giving the victim a sense of urgency or taking advantage of their appeal to authority,” he said. “For both patrons and companies, by actively resisting this, you can slow down and potentially defend yourself against an attack.”

Suffolk County Executive Steve Bellone (D) and county officials announced Friday, Feb. 17, that Suffolk has made progress restoring cybersecurity.

Suffolk County Executive Steve Bellone, County Clerk Vincent Puleo and Chief Deputy County Executive Lisa Black were on hand Feb. 17 to announce the county’s progress in restoring cybersecurity. Suffolk County photo

The announcement comes after county websites, servers and networks have been offline since September last year — the results of cyberattacks that first struck at the end of 2021. The county’s main website was restored online Friday, with more services coming online this week.

Bellone thanked everyone involved, including county IT professionals and County Clerk Vincent Puleo (R), who entered office earlier this year.

“His leadership and his partnership in the brief time that he’s been on the job has allowed us to make incredible progress, and he’s responsible for the announcement that we have today,” Bellone said.

The county executive reviewed key findings from a forensic investigation of the cyberattack that began in the County Clerk’s Office in December of 2021. According to Bellone, hackers were able to enter the clerk office’s system, and for eight months were able to operate before securing additional credentials to migrate into the general county system.

Bellone added that an IT director in the clerk’s office had been placed on administrative leave after, the county executive said, the director obstructed efforts, resulting in countless delays to restore security.

Bellone said every county office was deemed clean by Oct. 17, except for the County Clerk’s Office, and the expense of the security breach has been “extremely costly to taxpayers of this county.”

Despite hackers demanding $2.5 million from the county, Suffolk refused to pay the ransom.

Bellone said the county had replaced the County Clerk Office’s firewall with the most updated protection.

“The clerk’s office has been deemed clean, and we are able to start to restore online services beginning with the county website,” he said.

The county executive said he knows now the segregated IT environment within the various county offices was a mistake. He added it was fair to criticize him.

“I should have more quickly implemented the recommendations in the 2019 cybersecurity assessment, which I commissioned, to hire an additional executive level leader focused on cybersecurity,” Bellone said.

Puleo said the county’s IT department’s dedication has been unwavering during the process.

“Going forward, we will do everything we can in the clerk’s office to cooperate and get things where they belong and keep the protection so that the whole county IT is protected from future attacks,” the county clerk said.

A special election for Brookhaven Town Clerk will take place Tuesday, Jan. 17. Above, Kevin LaValle (left) and Lisa Di Santo, respective nominees for the Republican and Democratic parties. Photos by Raymond Janis

Early voting is underway for the next Brookhaven town clerk, and the two major party candidates are making their pitch to the voters.

Former Town Clerk Donna Lent (I) retired in November, triggering a special election for her unexpired term ending in 2025. Town of Brookhaven Councilman Kevin LaValle (R-Selden) and community advocate Lisa Di Santo, the Democratic Party nominee, will square off at the polls Tuesday, Jan. 17.

During a joint meeting of the Selden and Centereach civic associations Thursday, Jan. 5, the two candidates were questioned on a range of topics related to the operations of the Town Clerk’s Office. Civic members generated some of the questions with others fielded from the audience.

Introductions

Di Santo is a former social studies teacher who taught students about participation in government. She also served as a trustee of the South Country school board in East Patchogue, where she lives. 

“I have always participated in government, and I feel that I can be an independent voice of reason in the Town Clerk’s Office,” she said. “We have many of the same people filling many of the same positions over and over again. … That leads to a bit of stagnation, and I think it’s time for a fresh set of ideas, a fresh set of eyes, on what’s happening in the Town Clerk’s Office.”

Before entering government, LaValle owned a title agency. He then received a loan mortgage originator’s license and has worked in mortgage banking ever since. The councilman worked on the staff of former Suffolk County Legislators Dan Losquadro (R) and Tom Muratore (R). He was elected to serve Brookhaven’s 3rd Council District in 2013 in an area which includes Lake Grove, Centereach, Selden and parts of Lake Ronkonkoma, Farmingville, Port Jeff Station and a piece of Holbrook. 

 “I think I’ve accomplished a great deal as councilman, but I come before you now, again, to say that as town clerk, I am going to bring a new energy,” he said. “I am going to bring a new work ethic to the Town Clerk’s Office that has not been seen before.”

Duties of town clerk

Both candidates were asked about the function of the town clerk. For Di Santo, the clerk must ensure the accurate recording of Town Board meetings and the efficient filing of legal records, among other tasks. She emphasized the significance of the Freedom of Information Law request process.

“One of the most important things has to do with [being] the appeals officer for FOIL requests that come to the town,” she said. “People who live here and pay taxes should be able to access that information.”

The Democratic candidate also said the incoming clerk must assess and modernize the existing technology in the office. “I have spoken with some people who work in the Town Clerk’s Office and told me that their technology is at least 10 years out of date,” she said. “That is something that is certainly personally scary to me.”

LaValle viewed the clerk’s role as threefold, that is to “secure, maintain and distribute vital records of the residents of the Town of Brookhaven.” He referred to the office as a “vital hub,” servicing residents in the best and worst times.

“I believe the efficiency could be improved in the Town Clerk’s Office,” he said. “Cybersecurity, I think that’s something we can take to another level.”

He viewed the clerk as a service provider rather than a policymaker or revenue generator, noting that empowering and providing the staff with the necessary resources will be critical. “As the clerk, the focus will be about making sure the staff has the tools to be able to do their job,” he said.

Cybersecurity

Addressing the September ransomware attack against the Suffolk County government, LaValle assessed shortcomings within the county’s IT network. He described the need for coordination between departments, recommending the town continues its transition to cloud technologies to avert a similar scenario.

“The cloud is probably the best security that you can have, but we have to stay vigilant and make sure we’re looking at new technologies as we move along to make sure our information stays secure,” the councilman said.

Di Santo concurred that replacing outdated technology will be a priority. She stressed the need to properly oversee the transition to new platforms and work out any technical or logistic challenges that may arise.

“When you have new technology, one of the things that is crucial is to make certain that the staff is comfortable with that technology, that they’re fully trained so that they are able to use that to the best of their ability,” she said.

Staffing

After conversations with staff members, Di Santo painted a bleak picture of the current situation within the Town Clerk’s Office. “The office is actually understaffed,” she said. “Morale is really not very good in the office. You have a lot of turnover, so it’s very difficult to have the best customer service when you have staff changing and needing to be retrained.”

She reiterated that “a fresh set of eyes” from somebody outside government will help identify areas for improvement and generate potential solutions.

LaValle said he would prefer close collaboration with the Town Board, analyzing any barriers to efficient staff operations. He then stated a desire to fund personnel better.

“I want to be able to go in, take a real good look at what is going on in the office,” he said. “Do we need more employees? Should we pay our employees more?”

He also advanced the need to offer a vision the staff can get behind. “We have to work with the employees and build a team concept,” he said. “I want to make this the best clerk’s office in New York state. Without our employees buying into my leadership and what I want to do, that’s not going to happen.”

Resident access

Both candidates addressed the need to decentralize the office, to move services out of Town Hall and into the various hamlets and villages throughout the township. LaValle introduced a multipronged approach, including attending community meetings and building a more prominent multimedia presence.

“I want to be a town clerk going out to various functions,” he said. “A lot of people here see me in a lot of different events. That’s something I’m going to continue to do because I think the outreach of going out to the public and showing them what the clerk’s office does … is fundamentally important.”

He added, “I want to be able to go out and bring back some transparency — new social media platforms, doing videos on Channel 18 talking about what we can do to help residents.”

Di Santo said she has heard from multiple residents that resident access to public records can be slow. She again centered on requests for public information.

“The town clerk is the final appeals officer for the FOIL law,” she said. “In some cases, those requests get bounced from one department to another and the clock seems to run out.”

She added, “People who are residents, our taxpayers, are asking for information from their town, and in many cases it seems that it is being stonewalled. The town clerk has a responsibility to provide that information.”

Open government

Candidates were asked what the term “open government” means and how they would bring town government closer to the people.

“Open government means giving everyone the opportunity to participate at their fullest,” Di Santo said. “I would, as town clerk, try to appeal to the Town Board members to make many of the meetings much more accessible to the many people in the town who work.”

She also proposed bringing the operations of the Town Clerk’s Office to local libraries and other community forums. “The town clerk [could] go into each and every one of those council districts several times a year, appear at the senior centers and the local libraries to have discussions with people,” she said.

Like Di Santo, LaValle stressed he would maintain an active community presence if elected. “I want to go out, I want to be at senior centers, I want to be at civic meetings, I want to be in chambers of commerce, talking about what the clerk’s office does,” he said. “You have to get out there. You have to be a part of the community.”

Brookhaven residents will decide on these two candidates this Tuesday, Jan. 17. Polls open from 6 a.m. to 9 p.m., and residents can report to their regular polling place on Election Day.

Pixabay photo

The recent ransomware attack against the Suffolk County government has raised important questions about the relationship between citizens, governments and technologies.

A confirmed ransomware event took place in early September. The hack crippled the county’s information technology infrastructure, and recovery efforts remain ongoing. 

In the wake of these events, the hack prompted critics to question the digitization of sensitive information and how governments can better secure their IT networks.

What is ransomware?

Nick Nikiforakis is an associate professor in the Department of Computer Science at Stony Brook University. His research focuses on web security and privacy. In an interview, he described how ransomware works.

“Ransomware is, effectively, malicious software that infiltrates a machine, starts encrypting all sorts of private documents, spreadsheets, anything that is of value, and then leaks out to the attacker the encryption key and potentially the data that was encrypted,” he said. 

Some forms of ransomware affect only a single machine, according to Nikiforakis. Other strains may spread into several devices, potentially infecting an entire network.

Ransomware is the confirmed vector of attack for Suffolk County. However, how hackers first entered the county’s system is unknown to the public. 

While the details of the county hack are scanty, Nikiforakis said cyberattackers commonly use emails with malicious attachments. In other instances, they can locate vulnerable software within a network, exploit that weakness and breach that system. Once hackers gain access to the system, they hold sensitive information for ransom. 

“The original idea behind ransomware is that if you don’t pay the attacker the money that they ask, then you lose access to your data,” Nikiforakis said. 

Backup software was developed, in part, to mitigate this concern. Regardless, as technologies have evolved, so has cybercrime. 

“Even if you have the ability to restore your data from backups, now you have to deal with the attacker having access to your data and threatening you with making that data public, which is what’s happening in this case,” Nikiforakis said.

Based on the information available, Nikiforakis said the attackers likely gained access to speeding tickets and various titles, among other sensitive materials. “This is definitely a cause for concern, and that is why, in certain cases, people decide to pay, to avoid this blowback that will come from the data being made publicly available.”

A question of payment

Ransomware raises an ethical dilemma for government officials, namely whether to use public funds to pay a ransom.

“People can take a philosophical approach and say, ‘We don’t negotiate with terrorists,’ and I understand that,” Nikiforakis said, “But then the rational thing for the attacker to do is to make that data available to the public. Because if he doesn’t, then the next victim will also not pay him.” 

The profitability of the ransomware operation depends upon the victim trusting that the criminals will comply with the conditions of the transaction. The ransomware business model would fail if cyberattackers generally went against their word.

For this reason, Nikiforakis said payment and compliance could sometimes be in the interests of both parties. 

“I think it’s a very rational decision to say, ‘Let’s pay and accept this as a financial loss and let’s make sure that this doesn’t happen again,’” he said.

In Suffolk County, however, putting this theoretical framework into action is more complicated. Responsibility for paying ransomware payments would be vested in the Office of the Comptroller, which oversees the county’s finances. 

During an election interview last month with county Comptroller John Kennedy Jr. (R), he hinted that compromising with cybercriminals is off the table.

“There is no predicate in the charter, in the New York State County Law, in the Suffolk County code, to take taxpayer money and give it to a criminal,” he said.

‘Technology is moving so quickly that it is incredibly challenging for government to keep up.’ 

— Sarah Anker

The effect on the county’s government operations

The ransomware attack has also aggravated concerns over securing the county’s IT apparatus. Kennedy likened the problem to a fire code, saying fire codes often include provisions for masonry walls and other buffers that reduce the spread of a fire.

“If a fire starts, it doesn’t take down the whole complex. It stops at the masonry wall,” he said. “Our system was not configured with those hard breaks, other than some separation of function out in Riverhead in the County Clerk’s Office.” 

Suffolk County Legislator Sarah Anker (D-Mount Sinai), whose office was attacked by ransomware in 2017, has advocated for serious IT reform for some time. She followed the county’s technology closely and expressed frustration over how the initial attack occurred.

“I could tell, and I could feel, that there needed to be more done,” she said. “It has hampered the government, it has affected our constituents. Maybe it could have been worse, but it should have never happened.”

Suffolk County Sheriff Errol Toulon Jr. (D) explained his office’s many challenges since the hack. Though communications systems are slowly returning online, the initial attack disrupted both external and internal communications within the Sheriff’s Office.

“From a jail and police perspective, it really hindered us in the beginning,” he said. “Emails that we received from other law enforcement agencies or any communication with our community was stopped for a significant amount of time.”

New York State’s Division of Homeland Security and Emergency assisted the Sheriff’s Office as Toulon’s staff worked without an operational communication network. Because of this coordination, Toulon maintained that the functions of the jails were more or less appropriately executed.

“We wanted to make sure that any individual that was supposed to be released from our custody was released on time,” the county sheriff said. “No one was incarcerated longer than they had to be.” 

Preparing for the future

Toulon suggested the existing IT network is too centralized and interconnected. To prevent future failure of the entire network, he proposed creating separate silos for each department.

“I feel that the District Attorney’s Office, the Sheriff’s Office, the [County] Clerk’s Office and the Comptroller’s Office should be totally separate from the County Executive’s Office,” Toulon said, “So if, god forbid, this were to happen again in the future, we wouldn’t be directly impacted like everyone else.”

Anker said she and a newly formed panel of county legislators are beginning to explore ways to harden the network and apply strategies that work elsewhere.

“As we move forward, we need to see what the other municipalities and corporations are doing,” she said. “What types of programs and software do they have that prevent these attacks?”

The rate of software development, according to Anker, is outpacing the ability of governments to respond effectively. While IT departments must remain ahead of the cybercriminals to keep their digital infrastructure safe, staying out front is easier said than done.

“Technology is moving so quickly that it is incredibly challenging for government to keep up,” she said. “I would like to see more accountability in all respects and from everyone as we move forward with new technology.”

While the recent cyberattack focuses on the government, Anker believes ordinary citizens are also at risk from hostile online actors. The county legislator contended more work should be done to alert community members of these dangers.

“Not enough is being done regarding community outreach,” she said. “There needs to be more education on preventing an attack even on your home computer.”

Nikiforakis proposed that greater attention be given to digitizing personal records. According to him, those records in the wrong hands could unleash great harm. 

“Ransomware was a big game-changer for attackers because it allows them to monetize data that would not be traditionally monetizable,” he said. “Through ransomware, suddenly everything that is of value can be monetized.”

The SBU associate professor supports software upgrades, cybersecurity protocols and other measures that protect against ransomware. But, he said, a broader conversation needs to take place about the nature of digitization and whether individuals and governments should store sensitive files online.

“More and more things that didn’t used to be online are suddenly available online,” he said. “We have to reassess the eagerness with which we put everything online and see whether the convenience that we get out of these systems being online is a good return on investment, given the risks.”

Talise Geer

Suffolk County Community College student Talise Geer recntly was honored with the Vanguard Award.

The student recognition award that acknowledges outstanding students who are enrolled in career and technical education programs that prepare them for professions that are not traditional for their gender, the Vanguard Award is presented annually by the Nontraditional Employment & Training Project — an initiative administered by SUNY Albany’s Center for Women in Government & Civil Society in partnership with the New York State Education Department.

Geer was one of 15 state-wide finalists, and is one of eight state-wide award recipients for pursuing a new career in cybersecurity.

She was notified of her win  earlier this month.

 “I had been searching for a long time to find my fit, a passion —  and I found it in cybersecurity,” she said. “I feel honored to be have been recognized as one of the winners of the Vanguard Award. I look forward to what the future holds for me and holding the door open for other women seeking to enter this field.”

The Vanguard Award Ceremony will be held virtually at the Nontraditional Employment Training Conference in April.

Geer, a Wading River, married mom to a six-year-old daughter, was working successfully in sales after earning a bachelor’s degree from SUNY Old Westbury. But, she wanted more.

“I wanted to find a profession with job security,” Geer said, adding “and to do something I loved and with the opportunity for advancement.”

Geer researched emerging professions and settled on cybersecurity.

“I needed a school offering a cyber security major, a great faculty, affordability and convenience,” she said, “Suffolk County Community College had everything I needed.”

“Talise started with very little computer knowledge, but she fought through every challenging course, and she has continuously improved substantially with each class. Talise always comes prepared for class, hands in all assignments on time, and shows enthusiasm for every topic,” said Susan Frank, assistant professor of cybersecurity.

“Talise fully understands the significance of a nontraditional career,” Frank added, “and she is determined and prepared to succeed in the male dominated field of information technology. Cybersecurity offers her a world of opportunity with a higher salary, quick career advancement and job security. A traditional field could not provide all of these benefits.”

Frank said that Geer is the perfect person for the honor.

“I’m very thankful for the time I spent at Suffolk, the professors and for Professor Frank nominating me for this prestigious award,” Geer said. 

Geer’s next stop is the New York Institute of Technology Cybersecurity Master’s program.

“I hope more girls, more women transition to this field,” Geer said. “It’s possible! And I hope to inspire more girls and women to enter cybersecurity. I’m honored and hope that a girl or woman in a seemingly dead-end job considers cyber security as a future career.”

Talise Geer

Suffolk County Community College’s Talise Geer is a finalist for a prestigious Vanguard Student Recognition Award that acknowledges outstanding students who are enrolled in career and technical education programs that prepare them for professions that are not traditional for their gender. The Vanguard Award is presented annually by the NET (Nontraditional Employment & Training) Project, an initiative administered by SUNY Albany’s Center for Women in Government & Civil Society in partnership with the New York State Education Department.

Geer is one of 15 state-wide finalists for the award and pursuing a new career in cybersecurity.

Geer, a Wading River, married mom to a six-year-old daughter, was working successfully in sales after earning a bachelor’s degree from SUNY Old Westbury. But, she wanted more.

“I wanted to find a profession with job security,” Geer said, adding “and to do something I loved and with the opportunity for advancement.”

Geer researched emerging professions and settled on cybersecurity. “I needed a school offering a cyber security major, a great faculty, affordability and convenience,” she said, “Suffolk County Community College had everything I needed.”

“Talise started with very little computer knowledge, but she fought through every challenging course, and she has continuously improved substantially with each class. Talise always comes prepared for class, hands in all assignments on time, and shows enthusiasm for every topic,” said Assistant Professor of Cybersecurity Susan Frank.

“Talise fully understands the significance of a nontraditional career,” Frank said, “and she is determined and prepared to succeed in the male dominated field of information technology. Cybersecurity offers her a world of opportunity with a higher salary, quick career advancement and job security. A traditional field could not provide all of these benefits. All of her training, along with her amazing attitude and aptitude, makes Talise Geer one of the most deserving Vanguard Award nominees,” Frank said.

“I’m very thankful for the time I spent at Suffolk, the professors and for Professor Frank nominating me for this prestigious award,” Geer said, and also thanked all of her professors for their help in her journey.

Vice President of Academic and Student Affairs Dr. Paul Beaudin was quick to affirm Talise’s observation about the great faculty at Suffolk.  “As in many of our departments at the College, we are richly blessed to have a cadre of men and women in this program who are not only scholars and practitioners, but who are dedicated to student success in the classrooms, the labs, and in experiential learning,” Beaudin said.

Geer’s next stop is the New York Institute of Technology (NYIT) Cybersecurity Master’s program, having demonstrated sufficient knowledge in the courses she took at Suffolk.

Geer said that she applied to NYIT, was accepted and pleased to learn that a majority of her Suffolk courses will transfer over.  “I don’t think I could have been accepted unless I had the technical background taught to me at Suffolk, Geer said.  “I feel competent and prepared.”

“I hope more girls, more women transition to this field,” Geer said. It’s possible! And I hope to inspire more girls and women to enter cyber security. I’m honored and hope that a girl or woman in a seemingly dead-end job considers cybersecurity as a future career,” Geer said.

Group created Facebook link using Brookhaven server with anti-Trump message

An ISIS-inspired Facebook page posted a link to an anti-American propaganda page created using Brookhaven Town servers Sunday. Image from Facebook

A pro-ISIS group successfully hacked the Brookhaven Town web servers for at least three hours Sunday, June 25.

Brookhaven was one of 76 municipalities affected by the hack, according to Deputy Supervisor Daniel Panico (R-Manorville). The anti-American group created a page with hateful propaganda against the USA and the President of the United States.

Panico and Supervisor Ed Romaine (R) addressed the incident during a press conference at Town Hall June 26. The group, called Team System DZ created a link using the Brookhaven Town servers to a static, “look-alike” webpage at the address www.https://www.brookhavenny.gov/index.html, and posted it on their Facebook page with the message “Government sites continue to be fondled,” in Arabic, according to Google Translate. The standard brookhavenny.gov website was not impacted and the propaganda page was not visible anywhere on the site, though “out of an abundance of caution,” the town server has been quarantined and the town webpage was taken down.

At the time of this posting the town website remains down, though Romaine said he expected it to be restored within 24 hours of the press conference. The propaganda page has been taken down and currently lists an error message.

“You will be held accountable Trump, you and all your people for every drop of blood flowing in Muslim countries,” the message read in part.

Panico said he was alerted about the issue after a town employee notified the town’s information technology department about the breach after reading a New York Post story posted at about 1:30 p.m. with information about the Facebook post by the group.

Panico was asked if it was concerning the town was alerted thanks to media reports rather than its own security defenses.

“It was a Sunday, and I don’t know anyone in our IT department that checks ISIS-related Facebook pages,” he said. “We’re pretty thorough here at the town, but I don’t know that our IT department combs the pages of those people who hate America.”

Romaine said officials from a Suffolk County cybercrimes unit were speaking with the town’s IT director while the press conference was going on, and the FBI and Homeland Security would assist in investigating the breach. Romaine added U.S. Rep. Lee Zeldin (R-Shirley) offered full assistance of federal investigative personnel to get to the bottom of the incident, and he had also been in contact with U.S. Sen. Chuck Schumer’s (D) office Monday.

Brookhaven Councilman Daniel Panico and Supervisor Ed Romaine address a hack of town servers during a press conference June 26. Photo by Alex Petroski

“It’s disconcerting and we don’t write it off as a prank,” Romaine said during the press conference. “We take threats like this, cyber threats, seriously.”

Panico said no information was extracted from the website or servers, and possible actions to prevent future breaches are part of the investigation. He also said it is unclear how long the servers were infiltrated by the hackers. Panico disputed claims the message was posted on the town website’s homepage. Romaine said this was the first time the town had suffered a breach like this.

“None of our records that we know of were breached,” Panico said, adding that the town’s financial information is stored on the cloud offsite on different servers.

Zeldin addressed the hack in an emailed statement through spokeswoman Jennifer DiSiena.

“I will continue to do anything in my power to improve cyber security and protect against other threats facing our nation at home and abroad,” he said.

Marisa Kaufman, a spokeswoman from Schumer’s office, said in an email they have been in contact with Brookhaven about the issue and are looking into the matter. Schumer sent a letter to Department of Homeland Security Secretary John Kelly urging him to launch an immediate investigation into the incident.

“The possibility that these breaches were done by an ISIS or terror-affiliated organization is especially troublesome; citizens deserve to feel like their everyday critical infrastructure, especial their local government’s website are safe and usable,” the letter said.

This version was updated June 26 to include comments from Schumer and the message on the page.

Suffolk County Community College’s $2.9 million will be used to train individuals with the skills and credentials required to meet the growth in cybersecurity, manufacturing and health information technology. Photo from SCCC

A $2.9 million cybersecurity, manufacturing and health information technologies U.S. Department of Labor job training grant — the largest single grant in Suffolk County Community College history — has been awarded to the college.

The college will collaborate with Suffolk County Workforce Development Board, New York State Department of Labor, Suffolk County Department of Labor and independent business, including Alken Industries Inc., GKN Aerospace Monitor Inc., Precipart Inc. and Custom Computer Specialists Inc., as well as business-related nonprofit organizations the Manufacturing Consortium of Long Island, Long Island Science Technology Engineering and Math Hub and New York State Workforce Development Institute in executing the grant.

The $2,949,237 Resources and Education that Support Training Opportunities within the Regional Economy (RESTORE) Grant, according to college president Shaun L. McKay, will be used to train individuals by providing them with the skills and credentials required to meet the growth in cybersecurity, manufacturing and health information technology.

“The RESTORE Grant will allow our college to focus new and additional resources on recognizing and empowering residents in our region … to develop new skills and earn higher wages.”

—Shaun McKay

RESTORE is part of the federal government’s national TechHire initiative that is funded by H1B visa fees, nonimmigrant visa that allows U.S. companies to employ foreign workers in specialty occupations that require theoretical or technical expertise in specialized fields such as in architecture, engineering, mathematics, science and medicine; and intended to train local workforces with the skills required by regional industry.

“The RESTORE Grant will allow our college to focus new and additional resources on recognizing and empowering residents in our region with the education and training they need to develop new skills and earn higher wages,”  McKay said.

The president explained that some workers may be just starting their careers, while others may be older workers who don’t have the basic skills to allow them to assume more responsibility and reach higher paying roles. Others could also be workers who may have the competencies but not formal credentials to excel at a more senior-level job in their field.

The RESTORE Grant will provide the resources for retraining individuals and upskilling to earn an associate’s degree and transfer to a baccalaureate program for expanded career options. Boot camp training programs will be developed and students will prepare for online coursework while learning valuable industry and job readiness skills to help them excel.

McKay said the college envisions the RESTORE Grant providing training for 350 students.

“Ultimately,” McKay said, “our goal is to ensure that local, highly trained and motivated individuals remain on Long Island.”