SEC’s SolarWinds case may ‘chill’ cybersecurity reporting

February 3, 2024

TLDR

The Software Alliance, a trade group representing tech companies globally, has filed an amicus brief arguing that the U.S. Securities and Exchange Commission’s (SEC) case against SolarWinds should be dismissed. The group claims that the case could have a chilling effect on cybersecurity reporting practices and undermine cybersecurity efforts. The SEC had charged SolarWinds with fraud and internal control failures after a major cyberattack in 2019. SolarWinds has filed for the dismissal of the case, stating that the SEC’s charges are baseless.

Key Points

  • The Software Alliance (BSA) has filed an amicus brief arguing for the dismissal of the SEC’s case against SolarWinds, claiming it could harm cybersecurity reporting practices.
  • SolarWinds was charged with fraud and internal control failures after a major cyberattack in 2019, which resulted in nearly 18,000 customers receiving a compromised software update.
  • The SEC alleges that SolarWinds concealed poor security practices and increased cybersecurity risks, leading to the cyberattack.
  • The Software Alliance argues that the SEC’s case is unprecedented and threatens cybersecurity efforts by making it harder for companies to respond to cyber-threats.
  • SolarWinds has requested the dismissal of the case, stating that the SEC’s charges are baseless and an attempt to revictimize the victim.

The Software Alliance, also known as BSA, a trade group that advocates for tech companies globally, has filed an amicus brief with the U.S. District Court for the Southern District of New York, arguing that the U.S. Securities and Exchange Commission’s (SEC) case against SolarWinds should be dismissed. The group claims that the case could “chill an important source of public information about cybersecurity, to the detriment of the global information technology ecosystem.”

The SEC had charged SolarWinds with fraud and internal control failures after a major cyberattack in 2019, which became one of the most significant cyberattacks in history. The cyberattack, known as Sunburst, resulted in nearly 18,000 of SolarWinds’ customers, including the U.S. government, receiving a compromised software update. However, SolarWinds now claims that fewer than 100 customers were actually hacked through the attack.

The SEC alleges that SolarWinds concealed poor security practices and increased cybersecurity risks that led to the cyberattack. The agency claims that SolarWinds made an incomplete disclosure about the attack in a December 2020 filing, causing its stock price to drop.

The Software Alliance argues that the SEC’s pursuit of charges is unprecedented and threatens cybersecurity efforts. The group claims that the case could make it more difficult for companies to respond to sophisticated cyber-threats. It also raises concerns about a chilling effect on candid internal deliberations and on communications with law enforcement and national security authorities.

SolarWinds has requested the dismissal of the case, stating that the SEC’s charges are baseless and an attempt to “revictimize the victim.” The company argues that its disclosures were appropriate and that the SEC’s assertions are fundamentally flawed.

An SEC spokesperson declined to comment on the case. Serrin Turner, an attorney representing SolarWinds, stated that they are grateful for the support shown in the amicus briefs and remain confident in their disclosures.
