For a while, privacy in Q2 was looking like it would follow the season’s idiomatic rule: in like a lion, out like a lamb. But it came roaring back in June with a new U.S. state law, EU adequacy decisions, a new EU data transfer mechanism, and more. As we look back over the second quarter of 2021, several important developments are worth noting.

Today’s enterprise operations involve the coordination of several different digital ecosystems but none quite so inflamed as the cybersecurity ecosystem. Technology has been evolving at a rapid pace, and attackers are armed with advanced tactics to steal data and expose secure information. In response, cybersecurity teams deploy numerous tools and solutions to prevent and mitigate these attacks.

Back in June, I wrote about the Transportation Security Agency’s (TSA) new security directive concerning pipeline owners and operators. The order mandated those entities to disclose security incidents such as the ransomware attack that affected the Colonial Pipeline Company back in May to the TSA and the Cybersecurity & Infrastructure Security Agency (CISA).

OT networks often rely on Windows systems for various ICS applications including HMIs, historians, and data gateways. Beyond that, they also commonly rely on Windows systems to run associated IT-networks.

As businesses emerge from the pandemic, many are making strategic decisions about their long-term work arrangements. While there is a substantial debate about remaining remote or bringing people back to the office, many companies are choosing to meet in the middle, embracing a hybrid work arrangement that allows people to work both on-site and remotely.

Most discussions around cybersecurity understandably focus on information technology (IT). Assets like cloud services and data centers are typically what companies spend the most time and effort securing. Recently, though, operational technology (OT) has come under increasing scrutiny from leading security experts in both the private and public sectors. In June, for instance, the Cybersecurity and Infrastructure Security Agency (CISA) released a fact sheet about ransomware attacks on OT.

Are you an organization that operates a Bulk Power System (BPS) in the United States? If so, you understand the need to comply with the Critical Infrastructure Protection (CIP) standards. Developed by the North American Electric Reliability Corporation (NERC), CIP is a set of requirements through which in-scope entities can protect themselves against digital attacks, thereby strengthening the reliability of the U.S. electric grid overall.

In its Interagency Report 7695, the National Institute of Standards and Technology (NIST) defined an application as “a system for collecting, saving, processing, and presenting data by means of a computer.” This broad term covers enterprise applications, consumer applications, and even phone apps. Security is important in all these types of applications, but the focus is not always the same. Let’s explore how below.

We’re going to talk about state versus change. For the purposes of our discussion, you need to know that Tripwire Enterprise offers something called TE Commander. Many enterprise applications lack a native command line interface. This can be a challenge if you want to automate and integrate basic operations, which is a necessary function in most enterprise IT environments.