Trends
SolarWinds wins partial dismissal in SEC fraud case
A US judge dismissed most of the SEC’s lawsuit against SolarWinds, ruling the claims were based on “hindsight and speculation.”
Headline
A US judge dismissed most of the SEC’s lawsuit against SolarWinds, ruling the claims were based on “hindsight and speculation.”
Context
OUR TAKE The SEC’s action disregards the complexities of cybersecurity, demanding SolarWinds disclose every incident, akin to aiding hackers. Companies must strike a balance between transparency and security, and the SEC’s stance disrupts this. What the SEC should do is focus on promoting cybersecurity practices instead of punishing victims of cyberattacks. –Ashley Wang, BTW reporter A US judge has dismissed the majority of a Securities and Exchange Commission (SEC) lawsuit against software company SolarWinds , which was accused of defrauding investors by hiding its security weaknesses before and after a cyberattack linked to Russia.
Evidence
Pending intelligence enrichment.
Analysis
The cyberattack, known as Sunburst, targeted SolarWinds’ Orion software platform, infiltrating several US government networks, including those of the Departments of Commerce, Energy, Homeland Security, State, and Treasury. Disclosed in December 2020, the full consequences of the attack remain unclear, though the US government attributes it to Russia, which was then denied by Russia. US District Judge Paul Engelmayer in Manhattan dismissed all claims against SolarWinds and Timothy Brown, its chief information security officer, over statements made post-attack. He ruled these claims were based on “hindsight and speculation.” In his 107-page decision, the judge also dismissed most SEC claims regarding statements made before the attack, except for securities fraud claims related to a statement on SolarWinds’ website about the company’s security controls. SolarWinds expressed satisfaction with the decision, labelling the remaining claim against the company as “factually inaccurate.” Also read: Cybersecurity threats: The shadowy realities of digital espionage Also read: Three layers of security required by IoT platforms
Key Points
- A US judge dismissed most of the SEC’s lawsuit against SolarWinds, ruling the claims were based on “hindsight and speculation.”
- The SEC accused Solarwind of concealing the vulnerability and severity of the attack, ignoring the complexity of cybersecurity and being biased with hindsight.
Actions
Pending intelligence enrichment.
