episode-header-image

Jun 2024

21m 5s

SolarWinds and the SEC. [CSOP]

About this episode

Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, presents the argument for why the SEC was misguided when it charged the SolarWinds CISO, Tim Brown, with fraud the after the Russian SVR compromised the SolarWinds flagship product, Orion. Our guests are, Steve Winterfeld, Akamai’s Advisory CISO, and Ted Wagner, SAP National Security Services CISO.

References:

Andrew Goldstein, Josef Ansorge, Matt Nguyen, Robert Deniston, 2024. Fatal Flaws in SEC’s Amended Complaint Against SolarWinds [Analysis]. Crime & Corruption.

Anna-Louise Jackson, 2023. Earnings Reports: What Do Quarterly Earnings Tell You? [Explainer]. Forbes.

Brian Koppelman, David Levien, Andrew Ross Sorkin, 2016 - 2023. Billions [TV Show]. IMDb.

Dan Goodin, 2024. Financial institutions have 30 days to disclose breaches under new rules [News]. Ars Technica.

David Katz, 021. Corporate Governance Update: “Materiality” in America and Abroad [Essay]. The Harvard Law School Forum on Corporate Governance.

Jessica Corso, 2024. SEC Zeroes In On SolarWinds Exec In Revised Complaint [Analysis]. Law360.

Johnathan Rudy, 2024. SEC files Amended complaint against SolarWinds and CISO [Civil Action]. LinkedIn.

Joseph Menn, 2023. Former Uber security chief Sullivan avoids prison in data breach case [WWW DocumentNews]. The Washington Post.

Kim Zetter, 2014. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon [Book]. Goodreads.

Kim Zetter, 2023. SEC Targets SolarWinds’ CISO for Rare Legal Action Over Russian Hack [WWW Document]. ZERO DAY.

Kim Zetter, 2023. SolarWinds: The Untold Story of the Boldest Supply-Chain Hack [Essay]. WIRED.

Rick Howard, 2022. Cyber sand table series: OPM [Podcast]. The CyberWire - CSO Perspectives Podcast.

Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads.

Pam Baker, 2021. The SolarWinds hack timeline: Who knew what, and when? [Timeline]. CSO Online.

Staff, 2009. Generally Accepted Accounting Principles (Topic 105) [Standard]. PWC.

Staff. 30 October 2023. SEC Charges SolarWinds and Chief Information Security Officer with Fraud, Internal Control Failures [Website]. The U.S. Securities and Exchange Commision.

Staff, 31 October 2023. Securities and Exchange Commission v. SolarWinds Corporation and Timothy G. Brown, No. 23-civ-9518 (SDNY) [Case]. The Securities and Exchange Commission.

Staff, 29 March 2024. Cooley, Cybersecurity Leaders File Brief Opposing SEC’s SolarWinds Cyberattack Case [Press Release]. Cooley.

Stephanie Pell, Jennifer Lee , Shoba Pillay, Jen Patja Howell, 2024. The SEC SolarWinds Enforcement Action [Podcast]. The Lawfare Podcast.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Up next

So you want to write a book about AI and cybersecurity?

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting duties to Caroline Wong, the Chief Strategy Officer at Cobalt to discuss the mechanics of writing a cybersecurity book about AI. References:Ben Smith. “Security Metrics: A Beginner’s Guide” Review [R ... Show More

Cyber-entrepreneurship in the age of CyberAI.

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting duties to Kevin Magee, the Global Director of Cybersecurity Startups at Microsoft to discuss Cyber-entrepreneurship in the age of CyberAI. For a complete reading list and even more information, check ... Show More

Veterans Day Special.

Rick Howard, The CyberWire’s Chief Analyst, CSO, and Senior Fellow, and the cast of the entire CyberWire team, honor our U.S. veterans on this special day. Learn more about your ad choices. Visit megaphone.fm/adchoices

Recommended Episodes

Agent Tesla still hits unpatched systems. Hot wallet hacks. AI and DevSecOps. Notes on Fancy Bear and NoName057(16). And some curious trends in the cyber labor market.

There’s a new Agent Tesla variant. Lost credentials and crypto wallet hacks. Tension between DevSecOps and AI. Fancy Bear makes an attempt on Ukrainian energy infrastructure. A look at NoName057(16). Tim Starks from the Washington Post's Cybersecurity 202. Simone Petrella and Hel ... Show More

Ups and downs in the cyber underworld. Enduring effects of COVID-19 in cyberspace. Safer online shopping. “Take me home, United Road, to the place I belong, to Old Trafford, to see United…”

Qbot is dropping Egregor ransomware, and RagnarLocker continues its recent rampage. Cryptocurrency platforms troubled by social engineering at a third party. TrickBot reaches version 100. Stuffed credentials exposed in the cloud. COVID-19 practices may endure beyond the pandemic. ... Show More

Healthcare in the crosshairs.

Ascension healthcare shuts down systems following a cybersecurity event. Updates from RSA Conference. The FDA recalls an insulin pump app. Polish officials blame Russia for recent cyber attacks. IntelBroker claims to have compromised a pair of UK banks. New Mexico’s top cop accus ... Show More

Nicole Perlroth, "This Is How They Tell Me the World Ends: The Cyberweapons Arms Race" (Bloomsbury, 2021)

For years, cybersecurity experts have debated whether cyber-weapons represent a destabilizing new military technology or merely the newest tool in the spies’ arsenal. In This Is How They Tell Me the World Ends (Bloomsbury, 2021), Nicole Perlroth makes a compelling case that cyber ... Show More

The United Kingdom's catastrophic ransomware attack.

The UK faces a looming threat of a catastrophic ransomware attack. The Senate confirms a new National Cyber Director. The rivalry between malware groups BatLoader and FakeBat. BazarCall phishing attack and its unusual use of Google Forms. A serious vulnerability threatens K-12 st ... Show More

Casting a wider hiring net.

The Feds look to cast a wider hiring net. Legislators focus on deepfakes. Cookie stealers bypass MFA on Google accounts. A Fast food hiring chat bot got hacked. Medusa casts her gaze toward extortion. Akira ransomware is active in Finland. GitLab patches critical vulnerabilities. ... Show More

Updates on the hybrid war: hacktivism and hunting forward. Election security. Trends in phishing. The return of Emotet.

Another hacked broadcast in a hybrid war. Hunting forward as an exercise in threat intelligence collection and sharing. Cyber threats to the US midterm elections. Phishing for cryptocurrency. FakeCrack delivers a malicious payload to the unwary. Vacations are back. So is travel-t ... Show More

Criminal-on-criminal action in the dark web. The cyber phases of the hybrid war heat up. ICS vulnerabilities. Codespaces and malware servers. Blank-image attacks. Social engineering.

A hostile takeover of the Solaris contraband market. Ukraine warns that Russian cyberattacks continue. An overview of 2H 2022 ICS vulnerabilities. Codespaces accounts can act as malware servers. Blank-image attacks. Campaigns leveraging HR policy themes. Dinah Davis from Arctic W ... Show More

Listen to millions of songs and podcasts on Anghami