Welcome to the new Energy Central — same great community, now with a smoother experience. To login, use your Energy Central email and reset your password.

Energy Business
Richard "Dick" Brooks
Richard "Dick" Brooks
Expert Member
Top Contributor
 · Posted in Energy Business

SEC.gov | SEC Charges SolarWinds and Chief Information Security Officer with Fraud, Internal Control Failures

Some people see this SEC complaint filing against Solarwinds as a "shot across the bow" for Officers and Directors to get serious about implementing "good faith" cybersecurity processes following NIST Standards and Guidelines and file these processes in a Form 10-K, starting in December 2023. Click "Read More" button below for details of the Solarwinds SEC Complaint filing.

I believe the message being sent by the SEC is even stronger; IMO this is a torpedo aimed directly at the Officers and Directors manning the bridge that the SEC is serious about enforcing "good faith" cybersecurity processes and practices following NIST cybersecurity standards, that must be disclosed in a Form 10-K starting in December 2023. According to the complaint, Solarwinds Officers thought they could "cover-up" their cybersecurity deficiencies and convince the public they were doing all the "right things following NIST cybersecurity and SDLC standards", when in fact they were not, and were engaged in insider trading to dump Solarwinds stock before the crash knowing the poor state of cybersecurity within the company.

In this digital age it is nearly impossible to cover-up the truth and those that are caught attempting to do so will be held responsible, as this SEC complaint against Solarwinds clearly shows. Click "Read More" below for details of this complaint.

Watch out for those cyber-icebergs, they can ruin your day. Cyber risk is business risk and needs to be governed as such. A paradigm shift is underway in how we think about and manage cybersecurity risk as business risk.

It's far less risk to simply implement "good faith cybersecurity processes", following NIST guidelines, to protect Officers and Directors from personal liability than it is to convince a jury that the evidence they see in a lawsuit, i.e. emails and other artifacts clearly showing scienter among Officers, is false. The National Law Review has published an excellent analysis and summary of this SEC complaint against Solarwinds and the forthcoming SEC Cybersecurity Regulations that go live in December 2023.

Â