https://www.cybersecuritydive.com/news/sec-solarwinds-ciso-cfo-orion/653864/

SEC notifies SolarWinds CISO and CFO of possible action in cyber investigation

Executives were alerted to possible enforcement action related to the Russia-linked supply chain attack.

Published June 26, 2023
David Jones, Reporter

The Securities and Exchange Commission has notified the chief financial officer and CISO of SolarWinds about potential enforcement actions related to the 2020 cyberattack against the company's Orion software platform, the company disclosed in a regulatory filing with the agency.

SolarWinds CFO J. Barton Kalsu and CISO Tim Brown each received the formal notification from the SEC, known as a Wells Notice, alerting them of potential civil enforcement actions stemming from a previously announced investigation into the company's response to the attack.

SolarWinds in November 2022 disclosed it had received a Wells Notice in connection with the cyberattack. The investigation related to potential violations of securities laws related to cybersecurity disclosures and public statements. The SEC was also looking into the company's internal controls as well as its disclosure controls and procedures.

The campaign, attributed to a Russia-backed threat actor dubbed Nobelium, involved a supply chain attack where malware was installed on the Orion platform and infected private sector companies and government agencies that used the software. SolarWinds was the most high-profile victim among numerous other companies attacked during the same campaign.

SolarWinds CEO Sudhakar Ramakrishna defended the company's actions in a letter to employees Friday.

"Despite our extraordinary measures to cooperate with and inform the SEC, they continue to take positions we do not believe match the facts," he wrote in the letter. "We disagree that any such action is warranted against either the company or any employees, and we will continue to explore a potential resolution of this matter before the SEC makes any final decision."

The letter states the company plans to defend itself if the SEC decides to launch any legal recourse.

Potential SEC measures against the executives include barring them from engaging in the same actions in the future, imposing civil penalties or barring them from serving as officers or directors of public companies, according to the filing.

"Sunburst was a highly sophisticated and unforeseeable attack that the United States government has said was carried out by a global superpower using novel techniques in a new type of threat that cybersecurity experts had never seen before," a company spokesperson told Cybersecurity Dive in an emailed statement. "SolarWinds has acted properly at all times by following long-established best practices for both cyber controls and disclosure."

The company said it is cooperating in a "long investigative process that seems to be progressing to charges by the SEC against our company and officers."

Potential enforcement action would make the industry less secure "by having a chilling effect on cyber incident disclosure," a spokesperson said.

A spokesperson for the SEC said the agency "does not comment on the existence or nonexistence of a possible investigation."

The SEC has taken numerous steps to increase transparency and governance related to cybersecurity in recent years. In March the SEC reached a settlement with Blackbaud for $3 million in connection with disclosures related to a 2020 ransomware attack.

The agency earlier this month postponed a final rule on cyber incident disclosure requirements for publicly traded companies.