SolarWinds breaks free, waving bye to SEC’s legal entanglements

January 30, 2024
1 min read




Summary of Article

TLDR:

SolarWinds has filed a motion to dismiss the SEC lawsuit, providing a detailed defense of how the cyber espionage attack on its system was handled. The company argues that the SEC lacks both the expertise and authority to charge SolarWinds and its chief information security officer (CISO) with mishandling the attack. The SEC alleges securities fraud and internal controls failures, claiming that SolarWinds knew it lacked appropriate cybersecurity controls and misled customers about the threat.

SolarWinds Files Motion to Dismiss SEC Lawsuit

In response to charges from the Securities and Exchange Commission (SEC), SolarWinds has filed a motion to dismiss the lawsuit, providing a detailed defense of its handling of the Russian-backed cyber espionage attack on its Orion platform in 2020.

The SEC had charged SolarWinds and its CISO Tim Brown with securities fraud and internal controls failures for their response to the cyberattack campaign. The SEC alleged that SolarWinds knew it lacked appropriate cybersecurity controls and willfully misled customers about the threat. They also accused Brown of insider trading by dumping SolarWinds stock before the cyberattack was made public.

SolarWinds immediately vowed to mount a defense in court following the charges. The new motion to dismiss offers a detailed denial of the SEC’s accusations, arguing that SolarWinds made proper disclosures before and after the attack and that the SEC is overstepping their authority by seeking to regulate public companies’ cybersecurity controls.

The company points out that the SEC failed to clearly identify which security controls violated regulations and asserts that the SEC is attempting to rewrite accounting controls laws. SolarWinds maintains that it acted appropriately and transparently throughout the cyberattack response, claiming to be a victim rather than a perpetrator of the cybercrime.

Overall, SolarWinds is seeking to have the lawsuit dismissed, asserting that the SEC lacks the necessary expertise and authority in cybersecurity to bring the charges against the company and its CISO. The case raises larger questions about the role of regulatory bodies in overseeing and regulating cybersecurity controls for public companies.


Latest from Blog

Top CISA official looks back on four years of cyber work

TLDR: Eric Goldstein, a top official at CISA, reflects on progress made in cybersecurity during his tenure. Key achievements include understanding cyber risks, collaboration with industry, and encouraging secure product development. Eric

Juggling AI cybersecurity highs and lows

TLDR: At the 2024 MIT Sloan CIO Symposium, industry leaders discussed the challenge of balancing AI’s benefits with its security risks, particularly focusing on generative AI. While generative AI can bring benefits

Get your free Cyber Security eBook now Valued at $169

“`html TLDR: Key Points: Claim your complimentary eBook worth $169 for free before May 22. The eBook covers practical applications of cyber security and network security for professionals, engineers, scientists, and students.