Chamber of Commerce, security executives file amicus briefs for SolarWinds in SEC case
The U.S. Chamber of Commerce, security executives and prominent former government officials filed a set of amici curiae briefs late Friday in support of SolarWinds in its case against the U.S. Securities and Exchange Commission.
Why it matters: The signatories include former national cyber directors Chris Inglis and Kemba Walden, Activision Blizzard CISO Brett Wahlin, and former Clorox CISO Amy Bogac.
What's happening: The following groups submitted briefs asking the U.S. District Court for the Southern District of New York to dismiss the SEC's case against SolarWinds and its top security executive, Timothy Brown:
- The Chamber of Commerce and the Business Roundtable
- BSA, a tech lobby that represents enterprise software companies
- A group of more than 30 current and former security executives
- The Cyber Governance Alliance, the GlobalCISO Leadership Foundation and Internet Security Alliance and other cybersecurity consulting groups
- A group of 21 former government officials
Catch up quick: In October, the SEC filed a first-of-its-kind complaint alleging that SolarWinds and Brown presented misleading and false statements about the company's cybersecurity risks and practices from October 2018 to "at least" Jan. 12, 2021.
- SolarWinds was the main target in an extensive Russian cyber espionage campaign in late 2020.
- Last week, SolarWinds filed a motion to dismiss the SEC's case.
What they're saying: "Never before has the SEC sued the victim of a nation-state cyberattack; sued a company for securities fraud based on the company's cybersecurity disclosures; or sought to hold an individual personally liable for those disclosures," the BSA wrote in its filing.
In a statement, Serrin Turner, an attorney at Latham & Watkins who is representing SolarWinds, said the company is "grateful" for the new briefs.
- The briefs "highlight that the SEC's positions in this case are not only unsupported by the law but raise serious security concerns for companies, CISOs, and the public at large," Turner said. "We remain confident that SolarWinds' disclosures at all times were appropriate, and the SEC's assertions otherwise are fundamentally flawed."
Between the lines: Many of the briefs express concern that the SEC's case will have a chilling effect on companies and government offices that can help during an active cyberattack.
The intrigue: The Chamber of Commerce and the Business Roundtable argued that if the SEC wins this case, it will set a precedent that allows the agency to prosecute any company that doesn't adhere to its own internal policies.
- "The SEC's interpretation creates profound uncertainty for the members of the Chamber and Business Roundtable because it suggests a standard that is virtually impossible to meet and discernible only in hindsight," the two business groups said in their filing.
Of note: Security leaders also expressed concern that the charges could hinder their ability to even talk with their teams about potential problems within their company's networks.
- "Maintaining any organizational policy involves identifying and rectifying deficiencies, and candid discussions between CISOs, their teams, and organizational leadership are essential for any cybersecurity program seeking to mitigate risk," the executives wrote in their brief.
The other side: An SEC spokesperson declined to comment "beyond the public filings or our recent statement on this matter."