In a new filing with the US Southern District Court of New York, SolarWinds argued that the Securities and Exchange Commission was outside of its depth of expertise as well as its scope of authority in charging SolarWinds and its chief information security officer with mishandling the now-infamous, 2020, Russian-backed cyber espionage attack on its Orion platform.
In late October 2023, the SEC charged SolarWinds and its CISO Tim Brown of securities fraud and internal controls failures for their response to the sophisticated cyberattack campaign that ultimately led to the compromise of several US government agencies using SolarWinds software.
The SEC alleges the company knew it didn't have appropriate cybersecurity controls in place to protect their systems, yet failed to act.
Further, the SEC asserted that although SolarWinds insiders including Brown were well aware of suspicious activity in the systems, they willfully misled customers about the possible threat.
The SEC also accuses Brown of dumping SolarWinds stock, profiting around $170,000, thanks to his insider information before the cyberattack was made public and stock values went into freefall.
Immediately following the announcement of the charges, SolarWinds vowed to mount a defense in court.
The new motion to dismiss offered a detailed denial of the SEC's accusations.
SolarWinds points out that the SEC was unable to specifically identify which SolarWinds security controls ran afoul of regulation.
SolarWinds and Brown acted appropriately and maintained transparency throughout the response, the company said, adding it is SolarWinds which is being unfairly characterized by the SEC as a perpetrator, rather than the victim of a cybercrime.
This Cyber News was published on www.darkreading.com. Publication date: Mon, 29 Jan 2024 21:45:14 +0000