>SEC implications

Don't apply to matters of national security. Seeing as solar winds supplied every branch of government and just about every company that matters in the U.S., I would imagine that there are a lot of people under gag orders, or prohibited from talking about classified Intel with people that don't have clearance. To be safe, it'd be wise to not have company officers who also hold clearances.

Do you have a citation for that? I'm not aware of anything about having a clearance which indemnifies you for fraud.

I am not a lawyer and merely [poorly] paraphrasing what I've heard in discussion about this legal quandary. The problem as I see it is that in order for a judge to not immediately dismiss a case the aggrieved party needs to have some evidence that these statements were made falsely. Considering the CISA opsec guidelines, there should not be a corporate paper trail detailing officials knowledge, so where and how do you get evidence that can be admitted to court? Witnesses would presumably be under similar NATSEC restrictions, have questionable custody of the evidence, or worse, they can only provide hearsay.

You mentioned gag orders, you should know there's largely no such thing in the US, outside of NSLs which don't apply here. The United States does not have an equivalent of the official secrets act in the UK. In order to be restrained from talking about national security information, you would need to have signed an NDA ahead of time.

The statement about supposed CISA opsec guidelines is equally confusing, can you please cite the specific guidance you're referring to which would keep executives in the dark? I'm pretty familiar with the guidance CISA has issued and I don't believe any such advice has ever been given.

Before an executive would talk to the media about a subject like this, they would absolutely have gotten details from their internal security team.