It’s an honor to work with you, the members of the heat treat community. We hope you have a wonderful weekend including the Labor Day holiday. Remember to take some time for rest, refreshment, and a recharge for the good work you all do!
Heat Treat Todayoffers News Chatter, a feature highlighting representative moves, transactions, and kudos from around the industry. Enjoy these 21 news bites that will help you stay up to date on all things heat treat.
Company Chatter
HarbisonWalkerInternational (HWI), a North American supplier of refractory products and services, announced that its new Alabama One (AL1) manufacturing facility for steel customers in the southern United States is on track to open before the end of 2022.
Solar Atmospheres of Western PA announced their newly designed vacuum oil quench furnace (VOQ) has passed startup protocol
On July 6, Solar Atmospheres hosted over 40 high school students enrolled in the Summer Engineering Institute (SEI) at Lehigh University. The SEI program is a two-week residential program. Students are nominated by faculty of local high schools, and the program specifically targets students who might have limited opportunities to study in the fields of science, technology, engineering, and math (STEM). They received a tour of the campus that emphasized cutting-edge technologies in heat treating and manufacturing.
Advanced Heat Treat Corp. (AHT) announced the addition of UltraGlow® Induction Hardening at its location in Cullman, Alabama.
Pfeiffer Vacuum opened up a new 40,000 square foot facility May 13, 2022. This facility is located at 4037 Guion Lane, Indianapolis, IN.
Personnel Chatter
Advanced Heat Treat Corp. (AHT) announced that Chris Williams has joined as the new regional sales manager for its location in Cullman, AL.
Industrial Heating Equipment Association (IHEA) recently announced its 2022–2023 Board of Directors and Executive Officers. Serving as President is Jeff Valuck of Surface Combustion, Inc.; Vice-President is Brian Kelly of Honeywell Thermal Solutions; and Treasurer is Jeff Rafter of Selas Heat Technology Co. LLC. Scott Bishop of Alabama Power – a Southern Company assumes the Past President position.
IHEA welcomed to the Board of Directors Ben Gasbarre, the of Sales & Marketing for Gasbarre Thermal Processing Systems, to the Board of Directors.
The Supervisory Board of Advanced Graphene Products has been formed, appointed by the Ordinary General Meeting on June 24, 2022. Peter Zawistowski, a graduate of the Częstochowa University of Technology, Kozminski University (MBA) and the Massachusetts Institute of Technology (Executive Program in General Management), became the new chairman of the Supervisory Board. Peter has been the managing director of SECO/VACUUM operating in the American market since 2017.
The Plibrico Company, a supplier of monolithic refractories and installation services, is excited to announce and welcome Shawn Story as its new engineering manager.
Kudos Chatter
Space-Lok, Inc. met the requirements of Nadcap accreditation and achieved approval for heat treating.
ALD Thermal Treatment, Inc.'s Port Huron facility received the General Motors Supplier Quality Excellence Award for outstanding quality performance for the 8th year in a row. Criteria for this award include zero official customer complaints for 12 months and quality performance of less than one defective part per million.
Advanced Heat Treat Corp. (AHT), a provider of heat treat services and metallurgical solutions, announced that it has renewed its Nadcap accreditation in heat treating (ion and gas nitriding) and passed its Aerospace Quality System (AC7004) audit. The company has also added additional AMS specifications to its scope: AMS2759/6 and AMS2759/12.
Braddock Metallurgical announced the renewal of a Nadcap accreditation at their Tampa, FL location. The administrator, , has also determined that the heat treater has gone beyond industry requirements and so earned Merit recognition.
SECO/WARWICK in India celebrated its fifth anniversary of its establishment in May, although they have been operating in that market since.
Metalex Thermal Specialties, a heat treat service provider, announced that it has achieved AS9100:2016 and ISO 9001:2015 certification for the quality management system implemented by its heat treating facility in Berthoud, CO.
Paulo’s Cleveland plant in Ohio has earned Honeywell approval for all HIP processing with no restrictions.
The MTI Educational Foundation announced that it awarded Eric Roth of Tucson, Arizona (University of Arizona) the $15,000 Founders Scholarship.
ITP Aero UK Limited was awarded their latest Nadcap certification for Heat Treating with full 24-month merit and accreditation length.
Maryam Razavipour, a senior engineer at Lumentum, was selected by the Heat Treating Society Board of ASM International for the 2022 HTS/Bodycote Best Paper Award for her paper, “Data-Driven Design Framework for Laser Heat Treatment Process of Cold Spray Coating.”
Heat Treat Today is pleased to join in the announcements of growth and achievement throughout the industry by highlighting them here on our News Chatter page. Please send any information you feel may be of interest to manufacturers with in-house heat treat departments especially in the aerospace, automotive, medical, and energy sectors to bethany@heattreattoday.com.
Find heat treating products and services when you search on Heat Treat Buyers Guide.com
Since 2018,Heat Treat Today has been striving to honor young people in the industry. The 40 Under 40 award gives names, faces, and words to the rising generation of industry professionals.
Catch up with exemplary classmates from the past year to hear where they are now and what comments they have about the industry. Pour a cup of coffee while you dig into the resource list that’s full of research and commentary from Heat TreatToday‘s40 Under 40 alumni.
This original content article is released on the final day to nominate someone to Heat TreatToday‘s 40 Under 40 Class of 2023.
Aniket Maske
Aniket provided an update: “Currently, I’m the Chief Metallurgist and Director of Quality and Launch (program management) at ASPC. In addition, I’m now part of the Executive Leadership Team (ELT).”
At Automatic Spring Products Corp., heat treating processes have significantly improved with Aniket as a member of the Senior Leadership Team. Long-term strategic planning, reducing customer complaints, improving customer relationships, and implementing corrective actions to improve processes are all areas that see his influence. He has been an integral part in helping ASPC transition to the latest technology in heat treat controls and fuel injection which will result in significant gas savings and increased quality and control.
This recognition inHeat TreatToday‘s 40 Under 40, Aniket explains, “[has] helped me in networking as I focus on future sustainability – which is important as a heat treat professional. The professionals in the heat treat industry are provided a platform to collaborate and know about the progress – which was not readily available on a mass scale – with larger scope and scale.”
This Class of 2022 alum closes with the fact that he “enjoy[s] reading Doug’s editorial page in Heat Treat Today magazine.”
With a bachelor’s degree in Materials Science and Engineering from Penn State, Sarah worked as a metallurgist, and has been gaining experience in aerospace industry quality systems in the heat treat industry for 18 years, beginning with an internship at Sikorsky Aircraft.
“Things continuously improve,” she explained. “Even though we’ve been heat treating steel for decades, there’s always something new coming out: new material, new processing methodology, etc.”
Sarah has this advice for future leaders in the industry: “Get involved. Join and organization such as MTI; explore the NADCAP program; look into AMEC and writing standards we use everyday. Get involved, and do the networking. It will take you farther than you can imagine.”
During this past year, Casey has completed his MBA from University of Michigan in April. He shares gratitude for those who helped him along the way: “First and foremost I could not have done it without the unwavering support of my wife Anna O’Neill, MBA. I also sincerely appreciate Bob Roth’s encouragement to pursue this degree. It was both a challenging and rewarding experience. Thank you Nelson Sanchez, Kurt Hofman and everyone at RoMan Manufacturing for your guidance, support and and patience as I did my best to juggle all the work we are doing at RoMan along with successfully completing this program.”
Prior to managing RoMan’s sales effort to the heat treating industry, Casey played a pivotal role in growing RoMan’s non-ferrous foundry business. He has proven himself to be a quick technical learner as well as a customer-focused representative of the RoMan values. Casey has contributed very much to his company, and they have appreciated his work. Heat TreatTodayespecially enjoyed meeting Casey last year at FNA. While at the event, Casey picked up five Heat Treat Kids t-shirts for his crew!
On a normal day at Cleveland Electric Laboratories, Jessica often balances multiple expedited requests to assure customer equipment is up and running. Finding ways to creatively beat industry standard lead times has become her norm.
Jessica shares that her life is about to change, as the future holds excitement for her and her husband: “I have been having a very busy year so far! My husband and I bought and renovated a new home, and I’m currently pregnant with our first child! I have been training a temporary replacement to take the reins while I am out on maternity leave. And even though I have been mostly preoccupied with baby stuff, I can say that here at CEL we are on track to have a record year! Acquiring new accounts and expanding our reach within existing accounts has required some creative scheduling on my part! I’m excited to see what the future holds both professionally and personally!”
Since receiving Heat TreatToday‘s 40 Under 40 award, Ben has filled us in on some updates: “The past year was full of exciting developments at Solar Manufacturing and I am proud to be part of the team working on improving our business every day to provide our customers with high quality vacuum furnaces and hot zones.”
An MTI YES Management Training Program graduate, Ben has worked on standardization for vacuum furnace hot zones across Solar Manufacturing’s product line and worked to create designs for improved thermal efficiency, leading to two U.S. patents. He shares, “In the past year, I have focused on providing support to customers with difficult process requirements by assisting in hot zone material selections. I have also worked on vertical integration of several manufactured assemblies to bring more work in house resulting in shorter lead times and lower prices for our customer base. And lastly, I have continued to work on standardizing our existing product lines to increase our efficiency and lower our costs.”
Heat Treat Todayoffers News Chatter, a feature highlighting representative moves, transactions, and kudos from around the industry. Enjoy these 39 news bites that will help you stay up to date on all things heat treat.
Equipment Chatter
The precision forging manufacturer Jiangsu Pacific Precision Forging Company has placed an order with SMS group for a fully automatic MP 3150 eccentric closed-die forging press. Pacific Precision will be able to forge aluminum chassis components on a much larger scale. This new expansion provides Pacific Precision with access to the growing automotive market segment for more lightweight designs.
A commercial heat treater in Mexico purchased a third vacuum furnace from SECO/WARWICKGroup.
Ecocat India, a catalyst manufacturer, has ordered an advanced technology vacuum gas cooling furnace from SECO/WARWICK. The system will carry out brazing and annealing processes.
Several new CAB lines have been ordered from SECO/WARWICK to be delivered to manufacturers in China. Two companies specifically chose EV/CAB lines while another manufacturer purchased a CAB line.
SECO/WARWICK delivered two CAB lines and one universal chamber furnace for aluminum brazing to an automotive manufacturer in China. The systems will braze large-size coolers for vehicle batteries.
Oetzbach Edelstahl GmbH, a hardening plant, has purchased a third furnace from SECO/WARWICK.
A Swiss commercial heat treater ordered a brazing furnace to be used for nickel and silver from SECO/WARWICK.
Tenova LOI Thermprocess has completed the production optimization of a new Twin-Chamber Melting Furnace (TCF®) at E-Max Billets in Kerkrade, the Netherlands.
An Asian thread rolling die conglomerate selected a SECO/WARWICK vacuum furnace. The Vector® will be used for vacuum hardening and tempering fastener dies.
Company and Personnel Chatter
Hubbard-Hall has expanded its product offering and customer resources by acquiring the assets of Torch Surface Technologies, a specialty chemical company based in Whitmore Lake, MI.
New simulation software is being launched at CENOS Simulation Software. The application portfolio expands with some new electromagnetic case software apps. The first apps will be launched in Q4 or a little later.
Solar Atmospheres of California announced it has been awarded the approval to process parts for Lockheed Martin (LMCO) owned Sikorsky. The Sikorsky approval adds to the existing LMCO process specifications held for vacuum heat treatment of titanium, nickel alloys, and stainless steel per AMS 2801, AMS 2774, AMS 2759/3, and others.
Nel Hydrogen US, a subsidiary of Nel, has entered into a joint development agreement with General Motors to help accelerate the industrialization of Nel’s proton exchange membrane (PEM) electrolyzer platform. The two companies are looking to enable more cost competitive sources of renewable hydrogen.
The Supervisory Board of thyssenkrupp AGextended the appointment of Oliver Burkhard by five years. Burkhard has been a member of the Essen-based group's Executive Board since February 2013, Thyssenkrupp AG director of Labor since April 2013, and additionally CEO of thyssenkrupp Marine Systems since May 2022.
Joe Coleman, cyber security officer of Bluestreak Consulting™, has earned his Cyber AB CMMC Certification as a Registered Practitioner (RP). CMMC is a U.S. Department of Defense (DoD) program that applies to Defense Industrial Base (DIB) contractors.
CG Thermal welcomes associate process engineer Signe Laundrup to the Process Systems Group. Laundrup is a 2021 chemical engineering graduate from the University of California, San Diego. Her background is in manufacturing and research and design.
Tata Steel signed a memorandum of understanding with SMSGroup to reduce carbon emissions at Tata’s integrated steel plants across India.
Two heat treat technology companies integrate: C3 Data’s real-time pyrometry compliance software enables digital uploading of certificate data of all TT Electronics.
Ipsen Japan announced the addition of Mr. Masakazu Kanaka in the role of customer service director. Kanaka is responsible for the growth of all Ipsen Japan customer service business, which includes retrofits, parts, and service. He will oversee the aftermarket sales team and field service engineers.
Solar Atmospheres of California announced Honeywell approval to heat treat austenitic steels, martensitic steels, pH steels, tool steels, nickel alloys, cobalt alloys, titanium alloys, and magnetic alloys.
Aluplast – ZTG, an Altest company, recently expanded its production capacity with a second Nitrex nitriding system. The second furnace, a model N-EXT-612, is capable of processing a load of extrusion dies weighing up to 1300lbs.
Solar Atmospheres of Michigan is pleased to announce the addition of Chris Molencupp as their new sales manager.
Metal Exchange Corporation announced that Matt Rohm, current President and Chief Operating Officer (COO), will be promoted to Chief Executive Officer (CEO) of Metal Exchange Corporation effective January 1, 2023. At that time, current CEO Rick Merluzzi will assume the title of executive vice chairman, serving as an advisor to executive chairman, Mike Lefton, on key strategic initiatives for the organization, through the end of 2023.
Quintus Technologies joins the newly opened Application Center at RISE to support further development of additive manufacturing. The AM Center will also include the Quintus press model QIH 15L-2070.
Abbott Furnace Company announced that it has partnered with Obsidian Technical Group for sales and service support across much of the eastern United States.
Robert Roth announced the appointment of Nelson Sanchez as RoMan’s new president, effective January 1, 2023. Sanchez is the first non-family member to hold the office.
Hubbard-Hall hired Aaron Mambrino as chief financial officer. Her expertise lies in driving process changes to create operational synergies, developing strategic partnerships, and LEAN manufacturing.
John Savona, vice president of Americas Manufacturing and Labor Affairs, Ford Blue, will retire on March , after more than 33 years. Bryce Currie will step into the role.
AFC-Holcroft welcomed employees and their families, company retirees, and invited guests to view their newly renovated building as part of an open house.
Solar Atmospheres of California participated in the “Spark of Love” toy drive in coordination with the San Bernardino County Fire Department.
Raytheon Technologies expands Bengaluru operations with opening of Pratt & Whitney India Engineering Center. The facility is co-located with Pratt & Whitney’s India Capability Center and Collins Aerospace engineering and global operations centers.
Lucifer Furnaces in Warrington, PA, a manufacturer of heat treating furnaces and ovens for the last 80 years, has added Brett Wenger to its leadership team as vice president of sales.
Kudos Chatter
Global Thermal Solutions celebrates 15 years in Mexico.
Ipsen USA announced that 2023 represents a milestone anniversary. This year marks 75 years since Harold Ipsen founded the company.
Desktop Metal is sponsoring on a new season of BattleBots. The completely rebuilt robot is aided by the design freedoms and fast turnaround times of metal 3D printing.
Solar Atmosphere’s Michigan and Western Pennsylvania facilities have recently been awarded Nadcap Merit status for vacuum heat treating and brazing.
In September, the Swiss Steel Group (SSG) held the 1st Hydrogen Symposium at the Henrichshütte Iron and Steel Works in Hattingen. Speakers from academia, business, and politics held lectures in four sessions.
Borikengineers, a team mentored by Pratt & Whitney employees in Puerto Rico, has advanced to the Qualifiers’ Finals Competition in the FIRST Tech Challenge DC Qualifier. The team won the Judges Choice Award.
Heat Treat Today is pleased to join in the announcements of growth and achievement throughout the industry by highlighting them here on our News Chatter page. Please send any information you feel may be of interest to manufacturers with in-house heat treat departments especially in the aerospace, automotive, medical, and energy sectors to sarah@heattreattoday.com.
Find heat treating products and services when you search on Heat Treat Buyers Guide.com
Heat Treat Todayoffers News Chatter, a feature highlighting representative moves, transactions, and kudos from around the industry. Enjoy these 19 news bites that will help you stay up to date on all things heat treat.
Equipment Chatter
Global commodities group, Anglo American, and thyssenkrupp Steel have signed a memorandum of understanding to collaborate on developing new pathways for the decarbonization of steelmaking. The collaboration will focus on joint research to accelerate the development of high-quality input stock for lower carbon steel production, using both conventional blast furnace and direct reduction iron.
SECO/WARWICK delivered additional CAB lines to SUZHOU RETEK in China.
Tenova was contracted by Sinova Global to supply the basic engineering of a new silicon metal plant in Tennessee. The site will be North America’s most modern and efficient silicon metal plant, a greenfield development for Sinova Global.
Company and Personnel Chatter
Brighton Science and Hubbard-Hall partner to provide the Infinity Surface Cleaning Intelligence Program, which is designed to aid manufacturers to prepare surfaces and prevent problems.
Thermal-Vac Technology, Inc. announced the completion of a new microgrid from Verdant Microgrid, LLC. Collaboration with the following companies ensured the completion: Eos Energy Enterprises of Edison, NJ; Stronghold Engineering, Inc. of Perris, CA; and GridSwitch Asset Management Services of Moon, PA.
Bryan Stern has joined Gasbarre as the product development manager for Gasbarre Thermal Processing Systems. Bryan’s experience, knowledge, and forward-thinking will allow him to support existing clients and advance the company’s growing footprint in the vacuum furnace market.
Ipsen recently launched a new website with the goal of providing a better user experience for customers worldwide. IpsenGlobal.com now incorporates all Ipsen locations, products, and services under one domain.
Furnaces North America 2022, the premier trade show and technical conference in the North American heat treating industry, attracted over 1,200 attendees from around the world. The show produced by the Metal Treating Institute in partnership with its media partner, Heat Treat Today.
Kudos Chatter
Doug Peters, CEO of Peters’ Heat Treating, received the Winslow Award, an honor that is given to an individual or business that has made valuable economic improvements.
A two chamber vacuum oil quench furnace has received Nadcap accreditation. Solar Manufacturing designed the furnace for Solar Atmospheres of Western PA.
Ayla Busch was honored with the German Leadership Award 2022. This award was presented at the annual alumni convention of the Collège des Ingénieurs and is an award for innovative corporate leadership in the German economy.
Texas Heat Treating, Inc. announces that both Round Rock and Texas Heat Treating Worth just completed ISO 17025 lab audits. The audits came back with no findings.
Representatives from TAV VACUUM gave a speech during the first day of the 27th IFHTSE Congress & European Conference on Heat Treatment 2022. The talk was about the heat treatment of titanium alloys, specifically, “Vacuum heat treatment of Ti6Al4V alloy produced via SLM additive manufacturing.”
RETECH, a SECO/WARWICK Group company, was acknowledged as “The Most Innovative Metallurgical Equipment Specialist in 2022 for the USA” by Acquisition International Magazine. Additionally, Earl Good, its managing director, has been honored by The Corporate Magazine in the “Top 20 Most Dynamic Business Leaders of 2022.″
Nitrex Metal, Inc. announced that it was selected for the “American Dream” series airing on Bloomberg and Amazon Prime. The series explores the entrepreneurial stories of men and women who founded and built incredible companies from the ground up.
Jim Oakes, president of Super Systems, has been awarded the first ever Furnaces North America (FNA) Industry Award at the trade show’s opening night kickoff reception.
At the recent 2022 MTI fall meeting held in Indianapolis, IN, the Metal Treating Institute recognized Roy Adkins, director of Corporate Quality, with the MTI Award of Industry Merit. This award is given in recognition of current and ongoing commitment to the betterment of the commercial heat treating industry with one or more significant accomplishments.
Hubbard-Hall has been awarded the Top Workplaces 2022 honor by HearstMedia Services in Connecticut. The award is based solely on employee feedback gathered through a third-party survey that is administered by employee engagement technology partner Energage LLC.
Pelican Wire Calibration Laboratory received “ISO/IEC 17025:2017” accreditation from ANSI National Accreditation Board.
Heat Treat Today is pleased to join in the announcements of growth and achievement throughout the industry by highlighting them here on our News Chatter page. Please send any information you feel may be of interest to manufacturers with in-house heat treat departments especially in the aerospace, automotive, medical, and energy sectors to sarah@heattreattoday.com.
Find heat treating products and services when you search on Heat Treat Buyers Guide.com
Recently, the first ever Heat Treat Boot Camp took place in Pittsburgh, Pennsylvania from October 31 to November 2. Heat treat participants networked, learned, and attended tours during the intensive, two-day training.
Instructors were Doug Glenn, publisher and founder of Heat Treat Today, and Thomas Wingens, president/CEO and founder of WINGENS International Industry Consultancy. Several of the sessions were "Heat Treat Processes & Materials," "Heat Treat Products", "End-User Products", and "Latest Heat Treat Developments." Questions and discussion were encouraged during the formal sessions, and heat treaters had plenty of informal, additional learning time through interactions with each other and the instructors.
"Personally, I really enjoyed interacting with the participants," commented Glenn. "We had an excellent cross-section of the industry represented from captive heat treaters to commercial heat treaters to industry suppliers. The interaction between individual participants was also excellent and perhaps one of the greatest benefits of attending."
Attendees visited the Duquesne Incline on Mount Washington at the end of the first day of lectures to enjoy the view of Pittsburgh (see main article image above). At the end of the training, attendees had the option to visit the Solar Atmospheres of Western PA heat treat plant, getting the chance to see the processes, parts, and markets that had been discussed during lectures.
Heat Treat Today thanks everyone for their participation in the first-time Heat Treat Boot Camp. Plans are underway for Heat Treat Boot Camp2023. Stay tuned for registration information; see you next year!
Find heat treating products and services when you search on Heat Treat Buyers Guide.com
Heat TreatToday, in cooperation with the Metal Treating Institute (MTI), recently presented the 2022 Master Craftsman Award (also known as the Commercial Heat Treater of the Year Award) to Mike and Mary Reichling of The Cincinnati Steel Treating Co. The award was presented at the formal awards presentation banquet following the Furnaces North America trade show on October 5, 2022, in Indianapolis, IN.
This award is given to the company that demonstrates making a positive impact on their community and their industry. Recognition is based on quality programs, pollution & hazardous waste control, community involvement, and industry leadership and judged by a panel of previous recipients.
The Cincinnati Steel Treating Co. received a plaque and a scholarship fund of $1500 from Heat TreatToday that was matched with another $1500 from MTI’s Education Foundation. They will award this $3000 to a high school or college student who is pursuing an education in heat treat.
Congratulations to The Cincinnati Steel Treating Co.
Main picture caption: (Left to right) Mary Glenn, Mary Reichling, Mike Reichling, Rob Rye, and Doug Glenn
Find heat treating products and services when you search on Heat Treat Buyers Guide.com
Beginning November 1, 2022, Nor-Cal Products will begin doing business as Pfeiffer Vacuum Valves & Engineering. In 2017, Nor-Cal Products was acquired by Pfeiffer Vacuum which launched a new phase of the company’s growth.
Located in Yreka, CA, Nor-Cal Products manufactures vacuum components, valves and chambers for industrial equipment manufacturers, universities, and national laboratories.
”This is a major step towards completing the integration of Nor-Cal Products with the Pfeiffer Vacuum Group," commented Bryan Strait, general manager at Pfeiffer Vacuum Valves & Engineering. "We will be stronger together as we continue making progress executing our strategic business plan and continuing to invest in the Yreka site as to better serve our customers.”
Find heat treating products and services when you search on Heat Treat Buyers Guide.com
What does cybersecurity look like in a heat treat shop? In this episode, Doug Glenn, publisher of Heat TreatToday and host of Heat TreatRadio, will be speaking with four industry experts about this challenge: Heather Falcone, CEO of Thermal-Vac Technology, Inc.; Brian Flynn, plant manager at Erie Steel Ltd.; Mike Löpke, head of software & digitalization at Nitrex Metal; and Don Marteeny, VP of Engineering at SECO/VACUUM Technologies LLC. Watch, listen, and learn all about the risks, preventions, practical steps, and future outlook that this panel has to share.
Below, you can watch the video, listen to the podcast by clicking on the audio play button, or read an edited transcript.
The following transcript has been edited for your reading enjoyment.
Doug Glenn (DG): Welcome to another episode of Heat Treat Radio. We’re going to talk about a relatively serious issue today. I hope to have a little bit of enjoyable time doing it. I’m really happy to have these four people on the call with us. We’re going to talk about cybersecurity -- probably one of the most pressing issues. Obviously, it’s not heat treat specific, but we’re hoping to take some of the specific issues that deal with cybersecurity and, if possible, drill them down into the heat treat industry, as best we can.
So, I’d like to introduce our prestigious crowd here today. They’re going to talk a little bit about it.
First, I’d like to introduce Heather Falcone who is the CEO of Thermal-Vac Technology, Inc. out of California. Heather is the CEO, as I mentioned, and currently serves as a member on the board of directors of the Metal Treating Institute. She is a recognized trainer, writer, public speaker on a variety of topics such as leadership, business, and heat treat equipment. At her company, she has led them to be fully compliant in missed 800-171 and DFAR 252.204-7012 -- that’s important, I’m sure -- cybersecurity program as well as EOS system. Heather is, in fact, a member of Heat TreatToday's 40 Under 40 Class of 2019. And I, also -- I don’t know if they’re going to be able to see this; I’ll put it up on the screen if not -- there’s Heather’s picture in a really nice magazine that we got about leadership. Anyway, I am glad to have you here, Heather.
Next is Brian Flynn from Erie Steel, Ltd. Brian is a third-generation heat treater. He attended the University of Cincinnati earning a Bachelor of Science and Chemical Engineering degree with a minor in Material Science. He’s also completed an executive MBA from the University of Toledo. As a plant manager, he has close familiarity with technology development, people skills, customer service, and management of technical services. He is also a member of Heat TreatToday's 40 Under 40 Class of 2021. We’ve asked Brian to get involved here because I think he’s probably got a good perspective on implementing some of this cybersecurity stuff. I appreciate you being here, Brian, thank you.
Next on our list we have an international entry -- Mike Löpke from Nitrex, actually. He’s working out of Germany, right now, but let me read what we’ve got here. Mike has been with Nitrex going on two years and is leading the creation, implementation and marketing of new digital platform for the Nitrex group. He has a background in mathematics and physics as well as substantial knowledge in R&D and metallurgical modeling and is currently in charge of Nitrex software and digitalization department. His expertise in AI (artificial intelligence) and process prediction led Nitrex to develop the very first IIoT-based platform called QMULUS. His thirst for knowledge enables him to remain ahead of evolving technologies. As I mentioned, he’s working out of Germany and he was, and maybe still is, a professional wind surfer. I did enjoy the videos, by the way, Mike. It was very, very good.
Mike Löpke (ML): Thank you very much!
DG: It’s interesting and it looks exciting. You certainly went to some nice places there.
Finally, I would like to introduce Don Marteeny (DM) who I’ve had the pleasure of working with in the past. Don, it’s always good to see you. Don is the VP of engineering at SECO/VACUUM Technologies for over 5 years. During his career, Don has fulfilled many roles including 3 years as a project engineer, 2 years project manager and 2 years as the engineering team leader. He’s a licensed professional engineer. Don led the implementation of a 3-D modeling tool at SECO/WARWICK, when he is not busy being a Cub Scout den leader, which is great, Don presents papers on state-of-the-art heat-treating technologies. Don is also a Heat TreatToday's 40 Under 40 Class of 2021 recipient; congratulations on that. And Don’s just a heck of a nice guy all around, which I’m sure all of you are!
It's good to have you all.
Let’s jump in, guys. This is a relatively serious topic that we’ve got going on here but let me just throw out some questions to you. Heather, maybe I’ll start with you, if you don’t mind.
When we look at the risk potential in the heat treat market, I guess the first question that comes to my mind is: Okay, who should really be worried about this? Who are some of the people? Brian, maybe I’ll jump to you after Heather is done with some input on that, as well. Go ahead, Heather.
Heather Falcone (HF): Well, the short answer is literally everybody. Literally every person in the United States is subject to being a target for a nation-state level adversary such as China, Russia, Iran, North Korea. No one is safe, no one should assume they are safe, and every single person in this country, regardless of whether you’re a businessperson or not, should protect the data that keeps us safe.
DG: Do we have a sense, Brian, maybe over to you on this -- and again, as I mentioned before we started, if somebody doesn’t have a comment on this, just pass on it -- but are there people or organizations or systems in the heat treat industry, specifically, that are at a higher risk? What do you think as far as risk?
Brian Flynn (BF): In terms of age group demographics the Baby Boomers as well as Gen Z and younger are considered the most vulnerable for cyberattacks. Baby Boomers didn’t have great exposure to today’s brand of cyberattacks nor did they grow up with the internet and computers as we know them today. Gen Z and younger, there is a certain carelessness in terms of sharing personal information they’re too trusting. On top of that, Covid created new types of uncertainty in conjunction with the influx of new users going online since 2020.
But more from a business perspective, I guess it depends. Healthcare, government and financial-like institutions pose the highest potential reward but also the highest risk. In terms of frequencies, small businesses, like myself as a commercial heat treater, are the number one target as they typically lack resources and capital expenditures in order to invest in the infrastructure. And it might just be a pipeline where they’re going through the small businesses to get to my bigger Fortune 500 customers, but it’s really mainly phishing emails that are infected with malware. Over the past 12-18 months, it’s been crazy how many have made it through our firewall.
DG: Over to our equipment guys. I should mention -- Heather and Brian are both commercial heat treaters, Mike and Don are really both kind of equipment guys, although Nitrex also does some commercial heat treating, as well. Don, why don’t we start with you. The same question: Who’s at risk here? And then, Mike, we’ll end with you, please.
Don Marteeny (DM): Well, in addition to what Brian said, which I found interesting on some of the demographics, it’s important to realize, too, that it’s not just people, it’s also equipment. The equipment is becoming more and more interconnected, especially with the IIoT capabilities that most of them have now and all the unique features that that brings, but what that means is -- in order for that technology to function as it intended, it has to be connected to the internet which opens up more doors for access to sensitive data. And it’s not just data that you receive, it’s data that you generate, right? And that’s the important thing, I think, that everybody’s got to realize is that once you’re in that chain of subcontracts, shall we say, and you’re working with those folks that are contracting to the government -- handling sensitive data, you’re in that, too. It’s important to recognize that it’s not just you and your users but also your equipment and how it’s interconnected to the network.
DG: I’m reading a book right now -- I’ll give a plug to this guy -- Mark Mills, who we’ve interviewed before, on this show actually -- it’s called The Cloud Revolution and he’s been talking a little bit about this. The amount of data that is out there, because we’re able to get data off of machines and things like that now and are doing more and more, is just skyrocketing. It’s that data that’s going to be an issue.
Mike, over to you; I just want to wrap up as far as risk assessment, here. Who are the people, organizations, equipment or whatever that is most at risk?
ML: From our perspective, there’s not that much to add. We covered already the topic so we have this human factor which plays a really, really big role in terms of cybersecurity, how people are really sloppy and do not have the right mindset to treat data as they should. We have also, a lot of times, not the right policy in place, we do not have the education needed and so on. There is always this human factor.
But also, with heat treatment as a really old industry and steel manufacturing, as well, we have a lot of facilities with outdated infrastructure. This is also a also big topic. Outdated infrastructure, old, dated network designs firmware which we do not need to talk about it’s 20 years old and older so nobody knew about the potential risks that arise during the last decade and during the last years. This is also a really important factor. That’s it, from my perspective. Everyone, as said, is at a high risk, so, summing it up -- it’s literally everyone and everywhere.
DG: If you think you’re safe, you’re not, right? I think when Heather first started talking, I thought, “Boy, this is going to be a horror show.” If you think you’re safe, you’re not; you’re most at risk.
Let’s talk about data and data storage. Those types of things are really at the core of this, I think. Where are we going to store of all our data? How do we do it safely? When it comes to data storage, what problems have you witnessed or are you aware of, and how about solutions for data storage?
Don let’s start with you on this one then we’ll go to Mike. I know a lot of companies say, “Well, I just want to keep my data in-house.” Is that the answer? What are we doing with data?
DM: That varies. From my observations, it varies from customer to customer, industry to industry. There is a sense to move it to the Cloud, just because it’s easier to manage there, but with that brings risks. I think everybody’s got to be aware of that when they make that decision. On one hand, do I maintain my own servers, do I hire the people to man those servers, etc., or do I pay somebody else to do that in the Cloud? Do I take that risk of the data being someplace I don’t know and I rely on the Fortune 500 company who I’m contracting to maintain the Cloud to secure it, or do I do it myself? Especially for small businesses, these are not easy questions to answer. Like I say, I’ve seen both. And, again, with the invent of Industry 4.0 and IIoT, the pressure to move to the Cloud is pretty high, so, if you want to take advantage of those technologies.
DG: Mike, how about you? What do you think as far as data storage and things of that sort?
ML: I think Don mentioned already the two options we have. We could take of all the data storages ourselves, having big data service on premises, having people responsible for it, managing everything, keeping it running, no creation of redundancy, call it like this, having back-up systems -- all of these things you would need to manage by yourself. And the requirements are getting tougher. If you think of having data for the aerospace stored, you’re talking about decades of years, so that’s it.
The alternative is to put everything to the Cloud so then you’d just say, “Ok, I need more data” and more data storage space is available. You can also make use of all the security measures created, for example, by the big Cloud infrastructure providers like AWS in Asia. They are professionals in this. If they say your data is secure because we are using the latest technologies, I think you can be sure that it is. We, at Nitrex, rely fully on this. We say we could not do it better. There are thousands of people working every day on Cloud security, on infrastructure security, and so on and so on. I think our facilities could not be safer.
DG: Brian, let’s go to you on this one and then, last, to Heather. Data security -- if you want to make comments on that and maybe even, if I can put a little sharper point on the pencil on this -- just because a person keeps data in-house, does that make them safe from cyberattacks? General question, or if you want to answer that specific one, Brian.
BF: In today’s climate, the security of the data storage remains at the top of our lists. Knock on wood, very fortunately, we haven’t been on the receiving end of any of those types of cyberattacks, likely because we have a good firewall in place. More relevant to Erie Steel, the problems we face are data storage limits, length of data retention and scalability, and also accessibility -- whether it be video records, furnace records, quality records, shipping records, the list goes on, as far as how long do we want to retain that data and how accessible does it need to be? We utilize surveillance cameras, not spying on employees but really more proof of key operations, proof of start, proof of completion. The cardinal sin of heat-treating is don’t ship a green part back to the customer, so what better way to prove that other than by surveillance systems.
But that poses an issue -- we make sensitive cameras, increase the sensitivity, length of retention goes down. It’s a nice balance between form and function as well as retention, whether we use IP high-definition cameras or low-definition cameras. But that’s on its own internal server, on-site.
A lot of our continuous furnace trending software is continuously recorded -- that’s on its own separate dedicated server with off-site back-ups. Then we have all of our PLC data -- that could fill up a server in a matter of weeks if we really wanted it to. At times, we were recording every second; we don’t need to do that for most operations. Every minute, make the data accessible for a month and then, after that, we send it off to the Cloud.
For our ERP system and our quality management system, we utilize Bluestreak which is a web-based platform. We used to have on-site grid-based platform and that frees up a tremendous amount of space for the server so we can A. keep it 70% or less for capacity reasons. The only issue then, of course, is if we have a power outage, we lose internet -- but those are risks, at this point, that we’re willing to take.
DG: Heather, how about you? Data storage, generally speaking, what’s the situation?
HF: I think whether you’re deciding to store locally or in the Cloud, there are a couple things to consider: your digital rights management and your data loss prevention. If you’re working in-house, that means isolating assets on the land to make sure that, if there is an infection, it stops immediately. That’s one of the basic controls in, what is now, level 1. You have to have some of that in place so that if someone does get into your system, and we’re not talking a brute force attacker, we’re talking a person with the password of 1 2 3 4. We’re talking about the person that has not changed their password in 23 years and they’re still working on a DOS-based system. All those legacy systems that are not yet updated, that’s where the real risk comes from -- storing data locally. It’s really user behavior oriented that’s backed up by the solid digital rights management and data loss protection, as far as storing locally. One thing to be very careful about when moving to Cloud solutions, most commercially off the shelf available Cloud solutions are not compliant within the 800-171. If you’re talking about just Office 365, you have to move to the government version. Now we’re on zoom.gov instead of regular zoom, Doug, I don’t know.
DG: We are not, so be careful what you say.
HF: The problem with that is when you move to those Cloud solutions, they are inherently user prohibitive. They’re awful to work with, and they’re extremely expensive. You are kind of in a rock and a hard place: do we store locally and take on more risk and more in-house compliance cost or do we trust these big guys who have a billion-dollar backing them up who seems to know what he’s doing but also humans are humans and it’s still an inherent broken system? We all have to be careful and take our ownership of the programs that we’re putting in place -- that we have working knowledge where our data is going, how it’s being backed up, how it’s being stored or retained.
DG: Just a quick round-robin question, just kind of a yes or a no, and if you want to elaborate a little bit, feel free: Do you think, in today’s day and age, that it’s just as safe to store things in the Cloud as it is locally? Mike, what do you think?
ML: Yes. But you have to respect the requirements.
DG: Don, what do you think?
DM: Yes, for the most part. Like we said, the larger companies have teams of people working on this every day, so not only can they react, they can be more proactive in staying out in front of it than the rest of us can because they the resources. So, in theory, yes.
DG: Heather, what do you think? Just as safe to store in the Cloud as local?
HF: I believe that it has the potential to be more safe because you can rely on a group of resources that you don’t have to actively manage yourself. However, it takes a lot of oversight and research. It might be easier for a smaller company to create a very small locus of control as opposed to moving to a large collect Cloud solution during their migration to CMMC.
DG: Brian, how about you? Just as safe?
BF: I think the short answer is yes but, you know, it depends on which Cloud are we talking about and what does your internal infrastructure look like as well as what are your internal policies. Then it gets into more of a convenience discussion. How do you need that data? How frequent do you access it? But, I think, there’s the potential to be as safe or potentially more safe.
DG: I want to take a brief break and ask Heather a question. If you can just do a 30-second/60-second explanation of CMMC for us, and then we want to ask some questions about that. But I want to make sure that those who are listening who might not know what that is -- what is that? CMMC -- it’s important.
HF: It’s the Cybersecurity Maturity Model Certification. The government, in all of their perpetual wisdom, decided that they’re really tired of getting attacked by all the bad guys. To protect the state of the defense infrastructure and, I guess, maybe protect themselves because they have to do it too, they designed this system. Now, for today’s talk, I want to make sure that we understand that I’m personally going to be vacillating between CMMC 1.0 and CMMC 2.0. They are drastically different -- CMMC 2.0 is in rulemaking, but it’s got a lot of exciting, better things, potentially, in it versus CMMC 1.0. The point is, CMMC 1.0 is the law of the land and has been since 2019, so, it’s up to everyone who deals with the federal government to ensure that they are up to the minimum standard requirements for CMMC 1.0 which is just, basically, a self-assessment and some basic controls.
The government really wants to put in place the supply chain that is not full of holes for the enemy to take our most trusted and effective data.
DG: I’m curious, when it comes to CMMC then, implementation, best strategies for implementation, how do we find out about it more? Heather, I’ll stick with you on this one and then maybe we’ll move down to Mike and Don and then over to Brian.
CMMC -- what are some good strategies for implementing this?
HF: The first thing is to identify what you’re going to attack. If your whole company does not deal with CUI or FCI (control of unclassified information or federal contract information), then you don’t need to be talking about CMMC. The first step is to get your senior leadership team together and start with a block of information that’s manageable, either by location, by area, by contract, by project. Start at that top level and read the flow-downs to find out if you even have to do this, then decide a plan of action. I strongly recommend a phased integration approach over a period of about 18 months. If you’re trying to jam this into a 6-month process, it likely will be unsuccessful, strictly because that’s not enough time to even get the written policies and procedures in place. Plan for this to take about 18 months to 2 years and plan for it to cost you about $180,000; it’s about 60 grand a year. This is what the government, the Department of Defense says it will cost.
"The first thing is to identify what you’re going to attack. If your whole company does not deal with CUI or FCI (control of unclassified information or federal contract information), then you don’t need to be talking about CMMC. The first step is to get your senior leadership team together and start with a block of information that’s manageable, either by location, by area, by contract, by project. Start at that top level and read the flow-downs to find out if you even have to do this, then decide a plan of action." - Heather Falcone, Thermal-Vac Technology, Inc.
DG: Alright. You’re speaking from experience though, yes? You guys have done this?
HF: Absolutely, yes. It took us closer to 2 ½ years but, luckily, we started early enough to where that phased approach was okay.
DG: Mike, how about to you -- CMMC. Are some of your customers needing to do it? Are you guys needing to do it? What do you think?
ML: Nitrex is a solution provider so we are not only having commercial heat treatment, but we are also creating furnaces, we are building furnaces. We are also creating this control software and lately we released our QMULUS IIoT platform. We are really involved with this topic because we need to make sure that our customers are getting a solution which is CMMC compliant in the end. One thing which I really would like to mention here is that it does not only stop with the software. It’s not only software, it’s also controllers, it’s a hardware on the controllers, it’s even the network. Let’s say, a component on your controller which has to be CMMC compliant, in the end, which makes it really hard for small companies to take care of it. I suggest that you outsource a lot of these things. You can make your suppliers responsible for it, for sure. This would come with rising prices and so on, but for small heat treatment shops, it’s not maintainable, I guess. Maybe with the new approach of the CMMC release, which is relaxing a lot of things, it might be better, but we still do not know.
DG: Your suggestion is to outsource a lot of these, whether it be components or whatever.
ML: I would just like to add -- because we spend a lot of time to figure out what it really means (the CMMC things) and, as Heather already said, it will take you months to understand everything and if you’re not a professional in cybersecurity and maybe created these policies, you are lost.
DG: Don, how about you?
DM: I think I would echo a lot of what Mike is saying. As the whole industry goes more towards the IIoT implementing things, CMMC will be more and more difficult and you need help. Bottom line, unless you’ve got enough resources internally that can address the needs and understand, first off, as Heather mentioned, understanding the law (the regulations), in and of itself is usually enough to keep someone occupied for quite some time. But, even after that, then knowing what it means in implementing it, getting the right person on it, would certainly help the process.
DG: Brian?
BF: I think Heather really hit the nail on the head. The first step is to make sure it matches your strategic plan and your business plan. Currently, this is not a certification that Erie Steel possesses. It’s on our business plan as a threat under SWAT analysis but based on our current and forecasted customer base, this isn’t something that we plan on moving forward on here in the near future.
DG: Heather, you had mentioned about the control of unclassified information. Can you just expound on that a little bit? If I remember what you were saying, you were saying that it’s important to know whether you’re in that category, right? Because if you are, you need to do certain things; if you’re not, you don’t need to do certain things.
HF: Yes, if you handle CUI at your company or if you create CUI, then you’re likely going to be subject to the DFAR’s requirements when they’re flowed down to you. If you’re a federal contractor, it’s likely you don’t have a choice in this; it’s going to be in your contract flow-downs.
If you want to know more about control of unclassified information, there is an ongoing and everchanging list that’s available to you on the National Archives’ website which is archives.gov. If you go in there and you search controlled, unclassified information, it has a subsection list by industry. If all you do is firearms, cool, click on firearms and it’s going to tell you which CUI you have. If you only work defense, ok cool, here’s a nice little chart. It’s an invaluable resource on picking out key terms of your parts of your business to see if it matches up with the CUI.
But also, FCI, which is the Federal Contract Information, grand jury data is protected. Now, do we all deal with that? No. But financial transactions and general data information that you might not think is protected is protected. Spend some time in the National Archives -- it’s not boring, I promise, it’s actually pretty easy reading. It has nice charts and hyperlinks.
DG: It sounds boring, if I may just say so. Being the National Archives doesn’t sound like a place I want to spend my Friday afternoon.
HF: Well, call me, I’ll make it more exciting for you.
"Lately, we started with education because, we said it already multiple times in this discussion here, that the human factor is the most important part. We need to sensitize people about all the risks and all the things the internet brings. That’s why we started to have these security trainings, web-based and so on, which really help, also, to make people aware of these things."
DG: I want to deviate a little bit from the questions that we sent and maybe wrap up with two questions. We’ll deal with them individually but I’ll get you thinking about it just a little bit. Because we want to make this fairly practical for people, question one will be: Can you tell us what your company has done, thus far, to address cybersecurity? Again, it’s going to be a range of things; some have done a lot, some have done a little. Then, the second question I want to ask you which we will wrap up with is: If you could put on your prognostication hat here and you’re looking into the future -- what do you see being some of the major movements that we’re going to have to be dealing with as far as cybersecurity? It’s a little bit of fun looking into the future and seeing what we’re going to have to deal with in the heat treat industry.
Mike, if you don’t mind, we’ll start with you with Nitrex. What have you had to do so far to really deal with the whole cybersecurity threat?
ML: In the past, we started with the human factor. Until 6 years before, everyone had administrator rights on his local PC and everyone was installing everything -- malware, spyware and even things which were ‘unsuspicious.’ But a lot of things happen in the background without even noticing and these actions are opening doors for cybersecurity things. That’s why we installed something like MS LAPS which is a local admin password solution so that we can make really sure that people are only installing things which have been approved and so on. This was one of the things. Then, we also introduced something like MS Defender as an antivirus solution which is hosted in the Cloud which is making use of AI-identifying things before they get really serious. This for all internal IT infrastructure, making use of the latest approaches and software solutions we can get.
Lately, we started with education because, we said it already multiple times in this discussion here, that the human factor is the most important part. We need to sensitize people about all the risks and all the things the internet brings. That’s why we started to have these security trainings, web-based and so on, which really help
In terms of our solutions which we are offering, we planned accordingly a roadmap on how to make it CMMC compliant. All our hardware, we have to rework our whole controller infrastructure which we are offering to make our furnace CMMC compliant. The same for our MES software which we are having on premise for QMULUS, as well, which is our IIoT solution which is hosted in AWS. Here, it really depends on our customers if you’re hosting it in the Cloud or in the usual, let’s say, public Cloud. That’s what we are doing. We’re investigating our needs and to the needs of our industry.
DG: Good. And we will get to what do you plan on doing in the future, too.
Brian, why don’t we jump up to you on this. So far, what is Erie Steel been up to?
BF: As I stated during the risk assessment portion of management review, cybersecurity is regularly listed as a consistent internal and external threat. Historically, it’s been less relevant than it is today so little action was done. Now, over the past few years, we’ve really focused in this area and targeted internally on internal infrastructure. With that, we always try to keep a focus on understanding current environmental trends in cybersecurity, but with anything, any policy, any initiative, it should start and end with a strategic plan. Plans need to be well thought out, employee expectations clearly communicated prior to rollout, and feedback welcomed throughout these transitions.
Here, we practice self-audits and realize that server capacity as well as the life expectancy of our server was a great concern. We met with IT several times and came up with the plan to replace and upgrade our existing server and came up with it in four separate phases -- phase 1 being clean up the current system, phase 2 being change the system over, phase 3 being the new file structure for day-to-day operations, and phase 4 is to implement our new cybersecurity policy. Right now, we’re approaching the end of phase 3; so we’ll be sitting down again and reviewing the cybersecurity policy. Like I said, though, if you have doubts, self-audit, or you can always have a third-party auditor come in and share their two cents.
Some other things we’ve done are antivirus, antispyware software -- those should be givens. When individuals need to access the servers remotely, make use of VPN’s, utilize firewall security, ensure management has a firm understanding on the server capacity and requirements, regularly back-up the critical data, have redundant back-ups in different locations, of course make sure your Wi-Fi is secure, passwords should regularly change, same for all the usernames. You’ll see this with a lot of larger companies -- you really want to limit access to data and limit authority to make changes.
One thing we have done is our PLCs are operating locally on our own internal internet in case there is a server storm, in case there is a power outage. Well, a power outage wouldn’t help us in that situation but in case there is a server storm or internet outage, we can still operate locally, we just don’t have all the trending software to support it like day-to-day operations.
DG: That, just by itself, sounds like a huge task. Just switching over a server sounds like a lot of work. I think a lot of companies are going to be listening to this, especially some of the smaller captive heat treaters. Where to start? I think self-audit is a good idea and good advice.
Don let’s go to you then we’ll finish up this question with Heather then we'll move into thinking about the future.
DM: From our perspective, we’re focusing on the human factor. We’re trying to increase training and then once it’s out there, we test it. Once in a while, you’ll get forewarned that sometime within the next 24 hours you’re going to get a phishing email and what do you do with it? Sometimes they won’t tell us and all of a sudden, it’s, “Oo, what’s that?” I’m not going to click on that link. But honestly, those are the doors that are easier to close that we need to.
Some other activities have been like adding multifactor authentication where it’s necessary. Yes, it takes longer, yes, it’s a pain, but it’s necessary to make sure it is you and not somebody else. And then, as everybody else has mentioned, the usual firewalls, protecting Wi-Fi data networks, etc.
I did want to touch a little bit more on the equipment side, for just a minute. In my experiences with customers, sometimes an easier way to deal with this, especially because the interconnectivity to the equipment is becoming more and more prevalent, it’s just basically have a separate service, a separate internet connection that you control. And it’s basically if you need help, if you need to connect that piece of equipment to the internet, you physically plug it in, if not, you take it out. And when it’s out, you are in control. On your network, you’re passing data where you need to and that’s it. It’s back under that umbrella. Then, when you physically plug it in, you’re doing so making that decision consciously to say, “Okay, for this period of time, I need it to be connected.” But at least, then, you have some direct control. Is it rudimentary? Yes. Is it maybe not the most convenient? Yes. But, until you’re to the point where you can research all the needed data and regulations, they can get you to the point where, at least, you have some control.
DG: Right. Nothing like a physical line to plug in and unplug to help you feel safe.
Heather, how about you? What has Thermal Technology been doing?
HF: We started with an assessment that we paid people to do -- an expert that came in and evaluated our system against the CMMC requirements. That was very scary and expensive and it felt like someone was speaking Greek to me and, frankly, I got bored within the first 30 minutes of him giving me the report. But that’s where you start. And don’t be afraid if you get a negative score on the darn test because you’ve got to pick a place and you’ve got to get the baseline.
The nice thing about CMMC is it’s progressive; it’s meant to be transitional. You’re not going straight to level 3 and your whole life is going to change. You go from that assessment and then you work your way into phase 1. The CMMC level 1 is meaning we’re doing this stuff; we just can’t repeat it and we don’t have any documentation. And then level 2 -- okay, now we’re doing stuff and now we’re going to make it repeatable by documenting it. Then phase 3 is now we’re going to make machines manage the processes that are documented so we can repeat them and do them. It builds upon itself. So, embrace the stages. That’s what we’ve done and we started all the way back when we were a .79.
DG: Out of what?
HF: Out of the level 1 – 3. We were .79. Now, I’ve seen people who are minus numbers (-2, etc.) and that’s okay. Everyone starts somewhere, and if you haven’t had to look at infrastructure as related to information technology in 20 years, then why would you have ever looked at it? Take it in the phased approach. That’s what we did and we baby-stepped our way in and took all the painful points and broke them down into 1,000 substeps and that was the best thing we could have done.
DG: We’re going to go backwards in order, if I can, and let’s talk about the future. I guess, what I want to get a sense from you guys, to wrap up, is 1.What do you see as being the greatest risks to your companies, and, I think, especially with our equipment guys with Nitrex and with Mike and Don, if you’re able to address from your customer’s perspective, 2.What are the issues with new equipment going in? What are the biggest risks that you’re seeing, if there are any, and what do you see us doing in the future differently than what we’re doing now as far as mitigating any of those risks?
Heather, back to you on this one?
HF: The biggest risk is complacency or denial. This will come to you and it already has. If you take the viewpoint of, “Well, I’ll do it when my customer makes me,” you will be so far behind the ball, it’s going to be painful. The absolute worst risk you could possibly take is not looking at it or denying that you’re involved in it. If you’re in heat treating, it is 90% likely that this is going to apply to you in some way. Now, the great news is CMMC 2.0 -- over 60% of the industrial supply base is only going have to be a level 1 -- that’s a self-report annually. That’s not that big a deal. Anybody can do that. And there are great resources that are being developed to help people that want to get that basic level of CMMC compliance.
So, don’t wait, don’t deny it, get your customers to pay for it, put it in your RFPs. It is an allowable cost for reimbursement; don’t let anyone tell you otherwise. If you need more help on that, let me know.
"On the note of chaos, when it sets in, communication is key. If you’re the responsible party, designate primary and secondary points of contact for cybersecurity support. Have performance incentives in place for the responsible managers. If you’re rolling out a new policy, based on the successful rollout of that policy, put some incentives in place. Maintain open lines of communication and welcome feedback."
DG: That’s one of the questions we didn’t get to and that was how to make your customers pay for it which sounds like a very intriguing question, but yes, you mentioned it there.
Don, how about you? We’ll go over to you on this one.
DM: I think, moving forward, a couple of things are happening: The labor market is changing; it’s changing to a demographic that’s more familiar with this technology, which is a good thing. Although, as we said, I think it was Brian that said earlier on, some of those generations may not be as sensitive as they need to be. But what that means is that the older days when we relied heavily on operators to know what’s going on, now we’re switching more towards the technology managing the equipment from the equipment’s point of view. What that means is there will be fewer people managing more equipment from fewer places. So, if you’re looking at a multilocation operation that’s managing data from a central location, that becomes pretty complex pretty quick; but it’s becoming more commonplace in the industry than it used to be. Obviously, that opens up a lot of doors for cybersecurity risk and that’s got to be carefully managed, in the light of CMMC and others as far as cybersecurity goes.
I think the future is -- the technology is there, it’s available, but it has to be implemented carefully and it has to be well thought out by people who know what they’re doing.
DG: Brian, I think we go to you and then we end with Mike.
BF: When chaos sets in, the one standing by your side, without flinching, can be considered your family. When chaos sets in manufacturing, managers must remain flexible, patient and understanding which leads to the difference between a leader and a manager. A good manager is not always a leader, and good leaders are always managers. Managers have people work for them while leaders have people follow them. On the note of chaos, when it sets in, communication is key. If you’re the responsible party, designate primary and secondary points of contact for cybersecurity support. Have performance incentives in place for the responsible managers. If you’re rolling out a new policy, based on the successful rollout of that policy, put some incentives in place. Maintain open lines of communication and welcome feedback. Make sure that training materials are available. Something that I’ve come to realize is that employees often shy away from asking for help. Instead, try to get the help at their fingertips and ask specific, strategic questions to prove they’re understanding.
Really, at the end of the day, conduct your risk assessments. You don’t know what you don’t know, and that’s 95% of what is knowledge today. Be cognizant of what’s out there. Let’s face it -- cyberwarfare, cyberterrorism are very real, very selective, quick and cheap attacks from the hacker’s perspective, and they remain anonymous.
DG: And devastating for the companies that are on the receiving end, potentially.
BF: On the microscale, it’s real, especially for small businesses.
DG: You’ve hit on an interesting thing, Brian, and obviously we can’t spend time talking about everything but, it’s just the way you address this from a personnel perspective inside your company -- are you having someone there that’s the point person for cybersecurity? This shows my ignorance, but that’s okay, it’s easy to do. Do they have a chief security officer, a CSO, now, I assume, adding to the ‘C-suite’?
But yes, I think that’s a good point.
Let’s go over to Mike. What do you see as being the future threats and how are we going to be mitigating them?
ML: I think there is not that much to add here. We talked about the human factor, as I said, is the most important thing. Education and also more of education is needed here. Also, with the people on the shop floor, they are often working still with pen and paper -- they are not really used to going with the digital mediums and components and so on. So, really, we have to be sensible there, as well. You mentioned that the management has to take care that they are not "steamrolled" by all these approaches. This is really important.
The other thing, I already mentioned as well, is to outsource as much as possible, if it’s possible. Talking about the hardware, the software components and solutions and so on -- if you can get a solution which is CMMC compliant and the vendor is stating it, get it, because it’s taking a lot of work from you.
DG: The last thing we’ll do, and you may or may not have anything for this -- any final thought you want to leave with the people that might be listening to this, watching this? These are basically going to be people who are manufacturers who have their own in-house heat treat shops, commercial heat treaters, suppliers to the industry. Are there any last comments that you want to leave?
Don, anything?
DM: The only thing I’d add is just to be proactive. That always helps in these cases. And what that means is up to you but be proactive to address it.
DG: I was thinking the same thing: Don’t stick your head in the sand. Or, if it is there, get it out. Get it out of wherever it is and pay attention. Be proactive.
Heather, how about you?
HF: That’s exactly right. And some of us have larger egos that prevent us from reaching out for help. Understand that the literal federal government wants to help you, and there are so many resources out there that can be a nightmare to navigate but start with the people on this call. Reach out, talk to someone, get outside your circle and start figuring out how to make it work for you.
DG: Mike, how about you and then we’ll end with Brian, if you have any other comments. Again, if you don’t, no problem.
ML: That statement of Heather’s, I think, of being proactive, ask for help, don’t be shy. Invest the money. It will be worth it to invest.
DG: Brian, how about you?
BF: I think, find what works best for your organization and remain flexible. Solutions to cybersecurity should not be a one size fits all approach, so plan for the worst and strive for the best.
DG: Guys, thanks very much. I appreciate it. This is a huge, huge topic. I know we’ve just skimmed across the top.
Heat treaters travel for miles to attend Furnaces North America 2022, in Indianapolis, IN, for two days of learning and networking. This guide gives some necessary attendee information and can’t-miss highlights from the schedule.
The Indianapolis Convention Center (ICC), at 100 Capitol Avenue, is the place to be. Check out the parking maps to plan your route and incorporate access via skywalk when planning your arrival. Additionally, scan the QR code below (or click here) to log in to the FNA 2022 resources, including resources to navigate the show floor tomorrow and links to find things to do with colleagues, employees, and clients.
Monday
From 7:00 AM to 6:00 PM today, you can complete registration and pick up your badge at the ICC outside of hall B. You can do this on your way to the FNA 2022 Kickoff Welcome Reception, which begins at 6:00 PM at the Marriott Downtown 350 W Maryland Street.
Tuesday
Here’s a sample guide of how to maximize your time at the Indianapolis Convention Center on Tuesday, October 4th.
7:00 AM – 5:00 PM: Pick up your badge and register outside hall B of the ICC if you haven’t already done so.
10:30 AM – 5:30 PM: Tour the FNA Business Exhibition in hall B.
12:00 PM: Lunch at adjoining food court.
4:00 PM – 5:30 PM: Trade Show Floor Reception
What?
Discover “New Equipment”, “Emerging Technology”, and “Changing Trends” at the technical sessions. The 5 topics that you can explore on Tuesday are Maintenance, Equipment, Energy, Compliance, and The Future.
The following is a sample of some of the technical classes we are looking forward to:
“Heat Treat Robotics . . . .The Present, The Future” Room 124 (8:00 am — 8:35 am)
“Improved Predictive Maintenance Using SCR Power Controllers” Room 120 (8:50 am — 9:25 am)
“Saving Energy & Money in Your Heat Treat Plant” Room 122 (9:40 — 10:15am)
“Vacuum Furnace Leaks — What You Need to Know” Room 120 (10:30 am — 11:05 am)
Following these technical sessions, the entire exposition floor of Hall B holds over 135 booths, just waiting to share ideas and innovations. Find Heat Treat Today at Booth #622-624.
Who?
This full list of exhibitors will help you identify the heat treat industry players you want to visit. The time for in-person conversation is invaluable as you navigate new leads. This quick video (or watch below) gives the sense of what an opportunity this is: “You will not want to miss everything heat treating including a packed exhibit hall of the top suppliers in the industry, 35 technical sessions and the best minds in heat treating from both commercial and captive heat treaters.”
See you soon!
Find heat treating products and services when you search on Heat Treat Buyers Guide.com