SolarWinds cyber case, a significant legal matter handled by the SEC, has concluded
In a significant development, the U.S. Securities and Exchange Commission (SEC) and SolarWinds have reached a settlement in principle to resolve litigation related to the 2020 compromise of SolarWinds' Orion platform by Russian cyber operatives.
The settlement, if approved, would completely resolve the ongoing legal proceedings against SolarWinds and its Chief Information Security Officer, Tim Brown. The planned filing date for the final settlement is set for September 12.
The 2020 SolarWinds attack involved hackers deploying malicious code into SolarWinds' Orion IT monitoring and management software. Approximately 20,000 SolarWinds customers downloaded and installed these malicious updates. This compromised code was subsequently pushed to downstream targets as a legitimate software update.
Among the likely primary targets of this cyberattack were U.S. government entities, including the Department of Energy (DoE) and the National Nuclear Safety Administration (NNSA), the latter responsible for maintaining the U.S. nuclear weapons stockpile.
The SEC's claims also alleged that SolarWinds and Brown ignored, covered up, or provided false information to customers regarding connections between various cyberattacks on different Orion users throughout 2020. The SEC's claims against SolarWinds and Brown, dismissed in part, alleged that the defendants knowingly defrauded investors by overstating the resilience of the organization’s security practices and by understating or failing to disclose known risks.
Judge Engelmayer did sustain several charges against SolarWinds, including allegations of public misrepresentations concerning the resilience of SolarWinds' access controls. Judge Paul Engelmayer of the U.S. District Court for the Southern District of New York has stayed all deadlines in the case and adjourned oral arguments scheduled for later in the month.
The SEC's rules on security incident reporting, which became effective at the end of 2023, focus on actions taken by security leaders following an incident. The SEC's initial dismissal of many claims against SolarWinds and Brown, made in 2021, was based on hindsight and speculation.
A SolarWinds spokesperson stated that the settlement is subject to approval by the SEC and they cannot discuss the terms at this time. The spokesperson also stated that they are pleased with the potential resolution and happy to focus on driving their business forward without distraction.
It's worth noting that the January 23, 2021, Executive Order from President Trump's White House was designed to support the cryptocurrency sector. However, this order does not seem to be directly related to the SolarWinds-SEC settlement.
The intended negotiations regarding the dispute between the US Securities and Exchange Commission (SEC) and SolarWinds belong to representatives or legal counsel of both the SEC and SolarWinds. The settlement in principle, if approved, marks a significant step towards resolving one of the most high-profile cybersecurity incidents in recent history.
Read also:
- Emergency services of the future revealed by Renault with the introduction of the Vision 4Rescue vehicle.
- Companies exercise prudence towards AI adoption, ensuring secure implementation: Exploring safeguards and strategies.
- Stolen Brain Data of Sinner and Leclerc (Yellow chroma), previously held in China, repurposed for military training purposes.
- Increased instances of Russian-originated disinformation on social media platforms detected following the shooting of Kirk
