Judge Limits SEC's Authority in SolarWinds Cybersecurity Case

Federal judge dismisses most claims in SEC lawsuit, restricting oversight to financial controls

The judge ruled that the SEC's authority does not extend to all internal corporate controls.
Most claims against SolarWinds and its executive were dismissed, except for a securities fraud claim.
The case involved the 2020 Sunburst cyberattack linked to Russian intelligence.
Business leaders argued that extending SEC liability would deter transparency about cyberattacks.
The SEC can still pursue claims that SolarWinds misrepresented its cybersecurity practices before the attack.