SolarWinds challenges SEC Lawsuit
SolarWinds seeks dismissal of SEC charges over the Orion cyberattack, arguing the SEC lacks expertise, scope, and authority to charge SolarWinds..
SolarWinds has filed a case with the US Southern District Court of New York to dismiss the Securities and Exchange Commission’s (SEC) decision to charge Solarwinds and its chief information security officer Tim Brown for failing to respond to the cyberattack on its Orion platform that affected several US government agencies. SolarWinds has cited that it is outside the expertise, scope and authority of SEC to charge SolarWinds.
In the detailed submission, SolarWinds has alleged that the SEC ‘is seeking to twist the concept of accounting controls into a sweeping mandate for it to regulate public companies’ cybersecurity controls — a role for which the SEC lacks congressional authorization or substantive expertise.’ The company further argued that SECs ‘..theory of ‘internal accounting controls’ violations amounts to a wholesale rewriting of the law,’ and that ‘The agency is seeking to twist the concept of accounting controls into a sweeping mandate for it to regulate public companies’ cybersecurity controls — a role for which the SEC lacks congressional authorization or substantive expertise.’
The company argued that they and the CISO acted appropriately, maintaining transparency throughout the response and that the company was being unfairly characterised as a perpetrator, rather than the victim of a cybercrime.