SolarWinds investigation

Quite a debate about this:

“The US SEC has roiled the cybersecurity industry by putting executives of SolarWinds on notice that it may pursue legal action for violations of federal law in connection with their response to the 2020 attack on the company’s infrastructure that affected thousands of customers in government agencies and companies globally.”

SEC notice to SolarWinds CISO and CFO roils cybersecurity industry
US SEC staff have recommended legal action against individual SolarWinds employees, including the CISO — an unusual move that is causing a stir among cybersecurity professionals.

Security and infosec can require a very diverse set of stakeholders who need to action…stuff. Sometimes they don’t want to, and you have to deal with “Isn’t that IT’s job?”.

My personal feeling - if you’re sat in the big chair, then you’re responsible for it. And responsible for the consequences as well. It’ll make CISOs more personally responsible. But I don’t see an issue with that.

Am I taking too ‘European’ a view on this?
