In a filing with the US Southern District Court of New York, SolarWinds argued that the SEC was outside of its depth of expertise as well as its scope of authority when charging SolarWinds and its Chief Information Security officer with mishandling the 2020 Russian-backed cyber attack on its Orion platform. The SEC charged SolarWinds and CISO Time Brown of securities fraud and internal controls failures for their response to the cyberattack campaign that led to the compromise of US government agencies that used SolarWinds software.
The SEC alleges in its suit that the company didn’t have appropriate cybersecurity controls in place to protect their systems, and failed to act. Additionally, the SEC alleges that while SolarWinds insiders were aware of the suspicious activity, they misled customers about the possible threat. The SEC also accuses Brown of dumping SolarWinds stock, thanks to insider information before the attack was made public and stock values dropped. After the announcement of the charges, SolarWinds vowed to mount a defense in court. The new motion of dismiss offered a detailed denial of the SEC’s accusations.