The U.S. Securities and Exchange Commission (SEC) has officially dismissed its high-profile case against SolarWinds and its Chief Information Security Officer (CISO), Timothy Brown, which was tied to a Russia-linked cyberattack. The case, which the SEC brought in late 2023, initially caused significant concern within the cybersecurity community. The case also faced legal scrutiny from a judge who dismissed many of the charges, leading to the eventual resolution. The SEC, SolarWinds, and Timothy Brown filed a joint motion to dismiss the case with prejudice, according to a stipulation posted on the agency’s website.
A SolarWinds spokesperson released a statement expressing relief over the decision, describing it as ‘clearly delightful.’ The spokesperson said the resolution would alleviate concerns among CISOs regarding the potential chilling effect of the case on their work. The spokesperson also emphasized the importance of the resolution in providing clarity and allowing cybersecurity professionals to focus on their responsibilities without the fear of legal repercussions.
The case had initially raised questions about the intersection of cybersecurity and financial regulations. The SEC had alleged that SolarWinds and Timothy Brown violated U.S. securities laws by concealing vulnerabilities in connection with the high-profile 2020 Sunburst cyberattack. The dismissal of the case now marks a significant development in the regulatory landscape, offering a potential precedent for future cases involving cybersecurity and corporate disclosures.