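In a modern AMI environment, communication between smart meters and gateways follows highly regular patterns. Any deviation from these patterns is an important early indicator of misconfiguration, an operational anomaly, or a security threat. This playbook provides a structured method to help IT and OT teams detect and validate the most common network-level anomalies.
Key AMI anomaly types and validation steps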
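1. Unknown device discovered
New hardware appearing in an AMI subnet usually reflects undocumented field work, a meter replacement, or unauthorized vendor access.
Mendel detection: automatically identifies new assets and classifies them by role (for example, DLMS/COSEM server).
Validation checklist:
- Service verification: confirm whether the area has a recent maintenance record or meter replacement.
- Communication analysis: review the protocols and ports the device uses and its main communication peers.
- Pattern comparison: compare its behavior with that of known meter types in the same subnet.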
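2. First-seen communication pattern
A protocol or port that has never been seen before may indicate an unauthorized firmware update, misuse of a diagnostic tool, or configuration drift.
Validation checklist:
- Standards compliance: verify whether the protocol falls within standard AMI operations.
- Maintenance context: check for recent firmware pushes or vendor maintenance activity.
- Geolocation review: ensure the destination country of the communication does not raise security concerns.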
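3. Prohibited communication that violates network segmentation
Communication beyond approved boundaries (for example, traffic flowing to the Internet) usually indicates a routing error or a failed firewall or gateway configuration.
Validation checklist:
- Architecture alignment: confirm whether the destination is part of the approved AMI communication design (such as the Head-End platform).
- Change audit: check for recent change records for routing or firewall rules.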
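4. Unexpected DLMS/COSEM parameter change
An unexpected SET operation at the application layer may indicate unauthorized tampering with meter values or settings.
Validation checklist:
- Baseline comparison: compare the new parameter value with the expected baseline configuration.
- Source attribution: verify that the IP address that initiated the change is a trusted and authorized system.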
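The four anomaly types above can be expressed as checks of each flow record against a baseline. The following is an added example, not Mendel's logic or code from the original page; the subnets, addresses, the use of TCP port 4059 for DLMS/COSEM and the `dlms_op` field are constructed assumptions, and for type 4 it covers only the source-attribution check.

```python
import ipaddress

# Constructed baseline; every address, port and field name is an assumption.
AMI_NET = ipaddress.ip_network("10.20.1.0/24")       # meter subnet
HEAD_END = ipaddress.ip_network("10.50.0.0/24")      # approved Head-End platform
KNOWN_ASSETS = {"10.20.1.11", "10.20.1.12"}          # inventoried meters
SEEN_SERVICES = {("tcp", 4059)}                      # DLMS/COSEM already observed
AUTHORIZED_SET_SOURCES = {"10.50.0.10"}              # systems allowed to issue SET

# Constructed flows: (src, dst, proto, port, dlms_op); dlms_op is a hypothetical
# field that a DLMS-aware sensor would populate.
FLOWS = [
    ("10.50.0.10", "10.20.1.11", "tcp", 4059, "GET"),
    ("10.50.0.10", "10.20.1.99", "tcp", 4059, "GET"),
    ("10.20.1.12", "10.50.0.10", "tcp", 22, None),
    ("10.20.1.12", "203.0.113.7", "tcp", 4059, None),
    ("10.20.1.11", "10.20.1.12", "tcp", 4059, "SET"),
    ("10.50.0.10", "10.20.1.12", "tcp", 4059, "SET"),
]

def triage(src, dst, proto, port, dlms_op):
    """Return the playbook anomaly types (1-4) that one flow record matches."""
    findings = []
    for ip in map(ipaddress.ip_address, (src, dst)):
        # 1. Unknown device: an endpoint inside the AMI subnet that is not inventoried.
        if ip in AMI_NET and str(ip) not in KNOWN_ASSETS:
            findings.append(("unknown_device", str(ip)))
        # 3. Segmentation: an endpoint outside every approved network.
        if ip not in AMI_NET and ip not in HEAD_END:
            findings.append(("segmentation_violation", str(ip)))
    # 2. First-seen pattern: protocol/port pair absent from the learned baseline.
    if (proto, port) not in SEEN_SERVICES:
        findings.append(("first_seen_service", f"{proto}/{port}"))
    # 4. DLMS/COSEM SET from a source that is not an authorized system.
    if dlms_op == "SET" and src not in AUTHORIZED_SET_SOURCES:
        findings.append(("unauthorized_set", src))
    return findings

def triage_all(flows=FLOWS):
    """Map each flow to its findings, keeping only flows that need validation."""
    return {f: r for f in flows if (r := triage(*f))}

if __name__ == "__main__":
    for flow, findings in triage_all().items():
        print(flow, "->", findings)
```

Each finding maps to one of the validation checklists above; a flow with no findings, such as a SET from the authorized Head-End address, is not raised.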
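Conclusion
Network-level visibility turns anomaly detection into a concrete operational control. By implementing these playbooks and consistent validation steps, teams can keep the AMI environment stable and secure.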
About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.
MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.
MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

