The Securities and Exchange Commission on Thursday dropped its case against SolarWinds and its chief information security officer over its handling of an alleged Russian cyberespionage campaign uncovered in 2020, an incident that penetrated at least nine federal agencies and hundreds of companies.
The SEC’s decision brings to a halt one of the more divisive steps under the Biden administration to hold companies’ feet to the fire over their security failings, a groundbreaking suit that a judge last year dismissed in significant measure.
It comes the same day the Federal Communications Commission rescinded Biden-era cyber regulations the FCC wrote in response to another major cyberespionage campaign that saw alleged Chinese hackers infiltrate telecommunications carriers.
Two years ago the SEC took action against SolarWinds and its CISO, Tim Brown, over claims that it didn’t adequately disclose the Sunburst attack that began in 2019, as well as over other security assertions the company made.
The SEC litigation notice Thursday didn’t explain why it had dropped the case. An SEC spokesperson declined to comment beyond the notice.
A SolarWinds spokesperson said the company welcomed the SEC decision. The mere threat of SEC action two years ago had panicked some cyber executives who said it could create a chilling effect to disclose cyber information.
“We fought with conviction, arguing that the facts demonstrated our team acted appropriately — this outcome is a welcome vindication of that position,” the spokesperson said in a statement about how it was “delighted” on behalf of the company and Brown. “We hope this resolution eases the concerns many CISOs have voiced about this case and the potential chilling effect it threatened to impose on their work. With the case now resolved, we look forward to focusing without distraction on delivering exceptional value to our customers through our market-leading software and solutions, emphasizing security and innovation at every step.”
The post SEC drops case against SolarWinds tied to monumental breach appeared first on CyberScoop.
The Securities and Exchange Commission on Thursday dropped its case against SolarWinds and its chief information security officer over its handling of an alleged Russian cyberespionage campaign uncovered in 2020, an incident that penetrated at least nine federal agencies and hundreds of companies. The SEC’s decision brings to a halt one of the more divisive
The post SEC drops case against SolarWinds tied to monumental breach appeared first on CyberScoop. Read MoreCyberScoop
