January 29, 2024 at 04:50PM
SolarWinds disputed SEC’s jurisdiction and denial of cybersecurity shortcomings charges. SEC alleged SolarWinds failed to protect systems and misled customers about cyber threats. SolarWinds insisted it made proper disclosures, and SEC seeks to regulate cybersecurity controls beyond its scope. SolarWinds maintained transparency and claimed to be unfairly characterized as a perpetrator.
From the meeting notes, it is clear that SolarWinds has filed a motion to dismiss the charges brought by the SEC against the company and its chief information security officer, Tim Brown. The company vehemently denied the allegations and accused the SEC of overstepping its authority and lacking expertise in charging them. Furthermore, SolarWinds emphasized that it had made proper and accurate disclosures before and after the cyberattack, and that the SEC’s attempt to force companies to disclose internal cybersecurity details would be impractical and dangerous. SolarWinds asserted that the SEC was unable to specifically identify which security controls ran afoul of regulations, and accused the agency of seeking to rewrite the law. The company portrayed itself as a victim of cybercrime, maintaining that it had acted appropriately and maintained transparency throughout its response to the cyberattack. SolarWinds argued that the charges brought by the SEC were unfounded and unprecedented.