Retired Device called Home

lvj, SensorFu, Jul 11, 2023

We were told a story which piqued our curiosity. Our customer’s security team started to get a flood of Beacon alerts from one of their business-critical remote sites. Beacon continuously monitors network isolation, and it had been running there for around a year without leaks, but all of a sudden all the different escapes were able to get through. They contacted the operators of that remote site, only to find out that there was no such device on the network. It caused plenty of confusion and doubt about the documentation, but one thing was for sure: this Beacon should not be able to call home, and the device where it should be running did not exist. It was a mystery.

Discussion continued between the security team and the remote site operators, and after a while they found out that the system which was calling home had recently been replaced by a new device, which explained why the device could not be found. But why was Beacon calling home? It meant that the old device was now running somewhere else, and this should not happen. All removed devices should be securely erased before retirement. A third-party service provider who was responsible for the device replacement was contacted after the incident, and a bit after they got the message, Beacon went offline.

When production equipment, computers and other devices are retired from operation, the normal procedure is that the software they used to run should be wiped and/or the equipment destroyed in a controlled way, so that there is no chance for precious assets or important information to leak outside. In this case, it seems that something went wrong with the process. Someone accidentally connected a piece of retired equipment to the public internet, and the Beacon immediately called Home.

Sometimes retired equipment is left around as spare parts to be reused later at the site or, for various reasons, dumped into electronic waste without being properly erased. Equipment can also end up for sale on online marketplaces without its data being erased. We have read about some unfortunate examples, all the way from military secrets to personal secrets, being exposed and found on used devices sold on eBay.

Thankfully, this case was caught by the Beacon, the offending device was properly decommissioned, and our customer’s supply chain was made more aware of the process failures in the later stages of the system life-cycle. We believe strongly in continuous monitoring of your security controls; once again, it paid off.
