OP-ED

Cybersecurity Desk: Not Using 2FA or MFA? Your Data Is Not Secure

/ CYBERSECURITY, FEATURED NEWS, MANUFACTURING HEAT TREAT, OP-ED / Leave a Comment

How can increased cybersecurity measures benefit today’s heat treaters and their clients? Find out more with an exploration of 2FA and MFA!

Today’s read is a feature written by Joe Coleman, cybersecurity officer at Bluestreak Consulting™. This column was first released in Heat Treat Today’s August 2023 Automotive Heat Treat print edition.

Introduction

Joe Coleman
Cybersecurity Officer
Bluestreak Consulting™
Source: Bluestreak Consulting™

This 9th article in the series from Heat Treat Today’s Cybersecurity Desk will explain the significance of 2FA (2-Factor Authentication) and MFA (Multi Factor Authentication), their benefits, and how they can help secure your data and your clients’ data.

2FA and MFA have proven to be effective methods to enhance online security. And, if you provide any products or services to a DoD (Department of Defense) contractor, this is mandatory for all users accessing your computer systems and critical data. Implementing 2FA is a minimum requirement and is better than just a username/password combination. MFA takes your security to a whole new level.

What Is 2FA?

2FA adds an extra layer of security to the usual username/password combination. It requires users to provide a second authentication factor, typically something they possess, in addition to their password. Common examples include a one-time verification code sent via SMS, email, or generated by an authentication app like Google Authenticator or Authy. By requiring the combination of something known (password), along with something possessed (authentication factor), an additional level of security is provided.

What is MFA?

The strengths of Multi-Factor Authentication (MFA) take security a step further by incorporating multiple authentication factors beyond the customary two. These authentication factors can be categorized into three main types: something you know (password or PIN), something you have (smartphone or security token), and something you are (biometrics like fingerprints or facial recognition). MFA offers increased security as it requires multiple factors to be verified before granting access.

Is MFA Better than 2FA?

In terms of security, the more the better should be the correct mindset. MFA is a more secure method than 2FA, because a user must respond to more checkpoints, especially if authentication factors disperse through different access points that aren’t available online (like a token or security key) and require a physical presence. Proving user identity multiple times instead of just submitting items of proof twice (i.e., 2FA), lowers the chance of a breach and helps achieve security compliance requirements.

Implementing 2FA or MFA

Enabling 2FA and MFA is becoming a more and more accessible option across many platforms and services. The most popular websites, email providers, social media networks, and online banking institutions offer 2FA and/or MFA options. Users can typically find the necessary settings in their account security or privacy preferences. It is crucial to follow the provided instructions for setting up and managing these authentication methods properly. In an age where cyber threats are always rising, protecting our online presence is critical. 2FA and MFA have proven to be effective methods in safeguarding our digital lives. By implementing these extra layers of security, companies can enhance their defenses and protect their data and their clients’ data.

What About Your Outside Personnel Support?

Chart with Cybersecurity Acronyms
Click on the Image for a full list of Cybersecurity Acronyms

Many companies have outside vendor support, and maintenance personnel access their network and systems on a regular basis. For example, they may use VPN access that requires the user to “punch a hole” in the firewall, making it much more vulnerable to unauthorized access. Additionally, it is typically a configuration nightmare for your network and the IT folks to get it working properly.

There is a better way. Through much research and testing, we have found that BeyondTrust is a great tool to use to allow outside vendors secure access to the information they need to see without connecting to your network. It is currently used by 20,000+ organizations worldwide with much success and security. BeyondTrust also records their entire online session so you can see exactly what they accessed and did during the online session. Check out www.beyondtrust.com for more information.

About the Author:

Joe Coleman is the cybersecurity officer at Bluestreak Consulting™, which is a division of Bluestreak | Bright AM™. Joe has over 35 years of diverse manufacturing and engineering experience. His background includes extensive training in cybersecurity, a career as a machinist, machining manager, and an early additive manufacturing (AM) pioneer. Contact Joe at joe.coleman@go-throughput.com.

Find heat treating products and services when you search on Heat Treat Buyers Guide.com

Cybersecurity Desk: Not Using 2FA or MFA? Your Data Is Not Secure Read More »

Greener Mobility from the Heat Treat Department

/ AUTOMOTIVE HEAT TREAT, FEATURED NEWS, OP-ED / Leave a Comment

The trend of automotive companies in recent years has been to bet on greener ways of transportation to reduce the carbon footprint that we have left over the last decades.

In today’s article, Humberto Torres Sánchez, quality coordinator at ZF Group makes the point that as heat treatment professionals, it is our duty to look for viable alternatives that do not affect the quality of heat treated products, remain safe, and above all reduce our carbon footprint. Read this original content release in Heat Treat Today’s August 2023 Automotive print edition.

Humberto Torres Sánchez
Quality Coordinator
ZF Group
Source: ZF Group

At ZF Group, we are committed to this challenge with many heat treat efforts employing induction. In fact, the decision to incorporate induction heat treatment initially was made to reduce operating costs, improve part and plant cleanliness, and improve layout, as opposed to conventional hardening. With induction heat treat, we are able to use less quench media — avoiding waste — and work to improve the efficiency of induction heat treatment in our facilities.

As a result, we’ve seen major improvements. These include streamlined processes by reducing electricity consumption, reduction of air emissions, and the most important, in my opinion, the total elimination of the use of oil for tempering when using environmentally friendly tempering media.

But improvements didn’t happen overnight. It took at least two years to fully incorporate induction for our automotive parts production, and streamlining the processes came about in stages. Three key steps to incorporate induction for our in-house heat treat operations were:

  1. Understand required product qualities (e.g., steel quality, diameter, length).
  2. Achieve the metallurgical characteristics required by drawings and making use of the parameters of the inductor machine (e.g., power, heating speed, quench flow).
  3. Validate the product with functional tests (dynamic and static).

To accommodate all of these new changes, we must add continuous training with personnel. This is essential to avoid reprocessing parts, as well as to reinforce the importance of analytical and critical thinking in favor of ecological improvement.

Another important element to move towards sustainable automotive processing solutions is employing the use of low pressure carburizing (LPC) instead of conventional carburizing. Greater homogeneity of metallurgical characteristics such as hardness and effective case depth can be achieved. Using LPC, we can reduce air emissions and eliminate quenching oil.

Making automotive heat treat operations environmentally friendly is an all encompassing endeavor.

Humberto Torres Sánchez

Making automotive heat treat operations environmentally friendly is an all encompassing endeavor. In transitioning away from oil quenchants in heat treat operations, we have been able to use cleaning detergents that are less corrosive, and which have a longer half-life within the process. In the future, the processes the industry uses will move to more environmentally friendly chemicals, and the correct preventive maintenance to avoid liquid leaks to eliminate soil contamination will be made.

Through all these efforts, ZF Group is committed to a greener mobile future.

About the Author: Humberto Torres Sánchez is the quality coordinator at ZF Group and is responsible for the quality department, laboratories, and special processes (heat treatment and welding). Involved in a variety of plant operations, he acts as the lead auditor for both CQI-9 and CQI-15. Learn more about Humberto from his 40 Under 40 Class of 2022 profile.

For more information: Contact Humberto at humberto.torres.iq@gmail.com.

Find heat treating products and services when you search on Heat Treat Buyers Guide.com

Greener Mobility from the Heat Treat Department Read More »

Cybersecurity Desk: Work-From-Home Cybersecurity Tips and Best Practices

/ CYBERSECURITY, FEATURED NEWS, MANUFACTURING HEAT TREAT, OP-ED / Leave a Comment

Work-from-home benefits and challenges extend to work-from-travel occasions! Access corporate networks and systems with 8 cybersecurity best practices.

Today’s read is a feature written by Joe Coleman, cybersecurity officer at Bluestreak Consulting™This column is in Heat Treat Today’s June 2023 Heat Treat Buyers Guide print edition.

Introduction

In this eighth Cybersecurity Desk installment, understand the benefits and challenges associated with working from home or accessing corporate networks and systems while traveling.

Why Are So Many People Working from Home?

The COVID pandemic forced many companies to adapt to remote working and work-from-home (WFH)

Joe Coleman
Cybersecurity Officer
Bluestreak Consulting
Source: Bluestreak Consulting

policies. Even though these policies have provided employees with more flexibility, they have also highlighted cyber risks that companies must consider. As of March 2022, work-from-home and working remotely have increased by 238% compared to pre-pandemic numbers. Although that number has reduced somewhat recently, it has changed the way companies operate and view WFH.

Several benefits of WFH include:

  1. Increased employee retention and productivity
  2. Reduced distractions and interruptions by coworkers
  3. Reduced company overhead costs
  4. Increased family time by eliminating commute

One of the first challenges most companies face when shifting to a WFH model is ensuring every employee has high-speed internet access. Most employees will use home Wi-Fi network or cell phone/wireless carrier as an internet “hot spot.” The first common sense rule of thumb is always try to avoid public Wi-Fi and public charging stations. Any way you choose to access high-speed internet, it must be secure. By now, most companies should have WFH or remote work policies and procedures in place, with employee awareness and training, because they MUST be followed to reduce cybersecurity risks.

Cybersecurity Best-Practices for Securing Remote Workers

If your company has employees that work from home and you’re wondering what cybersecurity measures you should put in place, here are some best practices to help you:

  1. Secure your work sessions: Using a single room that has a door that can lock is the ideal situation when possible. Many WFH employees are either sitting at their kitchen table or in the living room. In those cases, make sure to have your monitor facing a wall to prevent family or guests from viewing your work session and lock your computer when you’re away.
  2. Separate your home and business networks: Separate your Wi-Fi network so company-approved devices will be separate. Even better, use a secure network and a company-issued Virtual Private Network (VPN) to access your business accounts. You can also use BeyondTrust for secure remote access. Home routers should always be updated to the current software version when it becomes available.
  3. Separate work and personal devices: When accessing your corporate network, only use company-approved devices. Unless your company allows Bring-Your-Own-Device (BYOD), never use an unapproved device to access your company network.
  4. Think before you click: Hackers use phishing and other social engineering methods to target employees with legitimate-looking emails and social media messages. These can trick users into providing confidential data, such as usernames, passwords, credit card numbers, social security numbers, account numbers, etc. SLOW DOWN.
    Don’t click on links sent from an unknown or untrusted source. Resist the urge to click links in a suspicious email. You can hold your cursor over a link, and it will show you (in the bottom left corner of your screen) the website that it will go to if you click on it. If it’s an unknown or suspicious site, DO NOT click on it.
  5. Click the Image TO Download More Than 350 Cybersecurity AcronymsAntivirus with real-time scanning: Antivirus software detects the presence of malware on your computer. A dynamic scanning feature repeatedly checks for computer infiltration by a malicious threat. Always keep your antivirus up to date and active.
  6. Update programs, applications, and operating systems: Vulnerabilities in applications and operating systems are continually being found and exploited. Cybercriminals often use these vulnerabilities to exploit data and infiltrate devices and networks. Application vulnerabilities are a cybersecurity challenge of remote working. Make sure you are regularly performing updates as they are released.
  7. Use 2-Factor Authentication (2FA) or Multi-Factor Authentication (MFA): If you’re not using 2FA or MFA, you are NOT secure. You should use 2FA or MFA wherever it’s available. Your company should have this requirement in its policies and procedures.
  8. Use strong PINs/passwords on your devices: Strong passwords should contain a good mixture of upper/ lowercase letters, numbers, and symbols (or special characters). Passwords should also not be based on dictionary words and should contain at least twelve characters (the longer the better). Never use the same password for multiple accounts and use a password generator and a password manager.

About the Author:

Joe Coleman is the cybersecurity officer at Bluestreak Consulting™, which is a division of Bluestreak | Bright AM™. Joe has over 35 years of diverse manufacturing and engineering experience. His background includes extensive training in cybersecurity, a career as a machinist, machining manager, and an early additive manufacturing (AM) pioneer. Contact Joe at joe.coleman@go-throughput.com.

Find heat treating products and services when you search on Heat Treat Buyers Guide.com

Cybersecurity Desk: Work-From-Home Cybersecurity Tips and Best Practices Read More »

Conserve Electric Power and Save Dollars in Vacuum Processing

/ FEATURED NEWS, MANUFACTURING HEAT TREAT, OP-ED / Leave a Comment

Generally, electric power consumption is insidious, because it is not seen and is not considered enough by operating personnel. Uncover sources of power consumption at a typical heat treat plant and ways to conserve it.

This column is written by William Jones, CEO and founder/owner of Solar Atmospheres Group of Companies, and Roger A. Jones, CEO Emeritus at Solar Atmospheres, Souderton, PA, and appeared in Heat Treat Today’s June 2023 Heat Treat Buyers Guide print edition.

If you have suggestions for topics you’d like to see in the future, please email Bethany@heattreattoday.com.

William Jones
CEO and Founder/Owner, Solar Atmospheres

Generally, electric power consumption is insidious, because it is not seen and is not considered enough by operating personnel. The following is a summary of power consumed in a typical heat treat plant along with several ways to conserve power (and money) in operating costs.

Electric Motors

Roger Jones
CEO Emeritus, Solar Atmospheres, Souderton, PA

Electric motors are prolific throughout a heat treat plant. Some areas where they would be found include:

  • Water recirculation pumps for cooling purposes
  • Vacuum pumps
  • Circulation pumps for oil used in quench tanks
  • Fans
  • Quench motors

High Vacuum Diffusion Pumps

High vacuum diffusion pumps operate with no noise, which adds to the insidious nature of their power consumption; operating costs for these pumps are more or less “out of sight.” To ensure diffusion pumps are not increasing costs, confirm that all diffusion pumps are set to run on the ConserVac® settings with full power (all three phases on) during high vacuum cycle and partial pressure cycles running on half power (one or two phases off). When possible, turn off/ shut down the diffusion pump.

Variable speeds of gas blowers can decrease power consumption, especially at the end of a cooling cycle when the heat of compression is noticeable. To do this, program all quench cycles to shut down the blower at the lower temperature as required on the work thermocouples (i.e., 125°F) and do not run blowers for excess time.

Building/Office Lighting, AC, and Heating

There’s more to saving than just focusing on vacuum equipment. Consider the following list of ways to reduce everyday power consumption:

  • Turn off all office and shop lights when not needed, except for night lights. Make sure all office lights are off during non-working hours and weekends.
  • Use newer, high efficiency type building lights.
  • Program office heating and air conditioning for setback, like office lighting.

Lesson to be learned: turn off any electric motor or light whenever it is not in operation.

Costs of Running Electric Motors @ 10 cents/KWh

Furnace Heating Rate

No furnace should be heated any faster than 15°F to 30°F/minute or 900°F to 1800°F/hour, unless specific instructions mandate otherwise.

Scheduling and Power Demand

Understanding the utility company, peak times for electricity usage, and scheduling appropriately can decrease energy consumption and cost. The following are a few suggestions to direct thinking around scheduling and power demand:

  • Utility company provides an electric power meter for kWh and demand kVA
  • Meter contains a power demand register
    • Record of electric power usage over a specific time increment
    • Instantaneous demand peak recorded each month
    • Result is the total kW hours registered in one part of the bill and the second part of the bill is kW electrical power demand
  • Ideal situation: instantaneous power demand would be flat with no demand peaks for the month, but this is not the norm
  • Batch type electric furnaces can produce major demand peaks:
    • Major electric power savings are possible if equipment can be controlled so the peak demands can be staged, i.e., over several furnaces
    • Schedule heavy production cycles to “off peak hours” usually during the evening, i.e., after 6 pm to 8 pm
    • Some utility companies will not penalize for the demand factor during “off peak hours”
  • Electric furnaces that operate with “on/off” control using electric contactors are offenders
    • The furnace will call for full power in the “on mode”
    • When temperature reaches the set point, power will be completely turned off
    • Electric power can easily be peaked if several batch furnaces operate in this mode together
    • Solution: replace the electric on/off contactors with SCR (silicon controlled rectifier) power supplies
    • SCR controllers will provide a proportional power control, minimizing peaked power demand

Operating Costs for Diffusion Pumps, Varian Diffusion Pumps

Power Factor Conclusions

It is important to be aware that:

  • Power factor can significantly affect the electric power bill if the electric utility charges a penalty for operating at power factor less than unity or bills in kVA rather than kW.
  • Electric furnaces that operate with resistance heating elements connected directly across the power line, or incandescent lighting in the plant operate at near unity power factor.
  • Utility companies penalize users in different ways for power factor and penalties vary by location.
  • Motors will have an average power factor of 0.8%.
  • Furnace power supplies will have variable power factor depending on loading, averaging about 0.65.

In Summary

There are many ways to conserve dollars in any ongoing manufacturing or heat treating plant. Knowing what — and how — power is consumed in heat treat departments helps operators identify areas to conserve energy in vacuum processing and also in day-to-day operations. Other than “turning off the lights,” many other opportunities are available to operating personnel as outlined above.

References

William R. Jones, “Conserving Electric Power: Part 1 and Part 2,” Solar Manufacturing, April 2002, https://solarmfg.com/tech-downloads/conserving-electric-power-part-i/ and https://solarmfg.com/tech-downloads/conserving-electric-power-part-ii/.

Contact Solar Atmospheres at www.solaratm.com

Find heat treating products and services when you search on Heat Treat Buyers Guide.com

Conserve Electric Power and Save Dollars in Vacuum Processing Read More »

Checking Your System’s Logic

/ FEATURED NEWS, MANUFACTURING HEAT TREAT, OP-ED / Leave a Comment

We’re addressing problems our readers operating older equipment face: Does your safety logic measure up?

This column is a Combustion Corner feature written by John Clarke, technical director at Helios Electric Corporation, and appeared in Heat Treat Today’s June 2023 Heat Treat Buyers Guide print edition.

If you have suggestions for topics you’d like John to explore in the future, please email Bethany@heattreattoday.com.

John B. Clarke
Technical Director
Helios Electric Corporation
Source: Helios Electric Corporation

This month we will break temporarily from our discussion of radiant tubes systems to address a problem faced by our readers who operate older equipment. Does your safety logic measure up? Have you availed yourself of the latest thoughts about how to best construct a safe system?

The National Fire Protection Association (NFPA) publishes various codes and standards to guide the design of heat process equipment. These codes and standards are under constant review by experts in the field and are updated regularly. The latest versions of NFPA 85, 86, 87, and others are readily available for download at nfpa.org/Codes-and-Standards for about a hundred dollars. The investment in reviewing new versions of critical standards provides valuable insight into the thinking of experienced professionals who apply their ongoing experience as they seek to make our combustion equipment ever safer.

The standards above are generally prescriptive — in that they specify devices and locations, but they also teach the reason behind specific requirements if the reader slows down and thinks logically. An example of this is the requirement in NFPA 86 that states the motor starter which drives the combustion air blower (or other critical devices) be included in the interlock string. If the blower motor pulls too much current, the motor starter’s overload relays trip, shutting off the combustion air blower. A fuel rich condition is prevented because as soon as the blower trips, the interlock string is interrupted and the shutoff valves close, preventing any further fuel gas from being introduced to the system. The code also specifies that a low combustion air pressure switch (or draft switch) be applied; but these devices take time to react to the failure, and with safety logic, the sooner a system is rendered safe, the better.

Monitoring the motor starter and the combustion air pressure switch are on the prescriptive side of the standard, but let us think a bit more about this requirement. Loss of the combustion blower is a critical failure. Are there other failures that can shut off the blower that would not be indicated by the auxiliary contact on the motor starter? If the motor fuses were to blow, or a line of sight disconnect were to be opened, would the interlock detect this failure? What can I do to detect these conditions? Perhaps it would be appropriate to monitor not only the contact on the starter, but the current pulled by the motor using some type of current relay?

The safeties that were installed on my system were good enough when it was manufactured in 1990, why upgrade them now? That is a fair question, but one of those questions that is best answered with another question. Has technology advanced in the last 30 years? Have we gained experience, learned from our mistakes and successes? The answer is yes.

So why not avail yourself of the experience learned by the professionals that volunteer their time to ensure our codes and standards encompass their collective experience? Your assignment is to purchase and download the latest version of the applicable codes or standards and take the time to review them. The reading is pretty dry, but the payoff can be extremely beneficial.

Find heat treating products and services when you search on Heat Treat Buyers Guide.com

Checking Your System’s Logic Read More »

Cybersecurity Desk: What Should Heat Treaters Be Doing NOW?

/ CYBERSECURITY, FEATURED NEWS, MANUFACTURING HEAT TREAT, OP-ED
op-ed

This seventh article in the series from the Cybersecurity Desk  helps you determine if CMMC applies to your business, learn about what changes were made to CMMC 1.0., know what you should be doing NOW to prepare for CMMC 2.0., and more.

Today’s read is a feature written by Joe Coleman, cybersecurity officer at Bluestreak Consulting™. This column is in Heat Treat Today’s May 2023 Focus on Sustainable Heat Treat Technologies print edition.

Introduction

Joe Coleman
Cybersecurity Officer
Bluestreak Consulting™
Source: Bluestreak Consulting™

Along with determining if CMMC (Cybersecurity Maturity Model Certification) applies to your business, this 7th article in the series from Heat Treat Today’s Cybersecurity Desk will give you a better understanding of what the certification is all about and the requirements to become certified. Also, we will cover the changes that were made to CMMC 1.0, the current status of CMMC’s proposed rule, and what you should be doing NOW to prepare for when the CMMC 2.0 rule is finally released.

What Is Changing in CMMC 2.0

In November 2021, the Department of Defense (DoD) announced a major update to the CMMC program. To safeguard sensitive national security information, the DoD launched CMMC 2.0, a comprehensive framework to protect the Defense Industrial Base’s (DIB’s) sensitive unclassified information from frequent and increasingly complex cyberattacks. Manufacturers or suppliers that handle sensitive or Controlled Unclassified Information (CUI) in any way or those within the DIB need to pay attention. CMMC 2.0 condenses the original 5 CMMC maturity levels into 3 levels, eliminating levels 2 and 4, and removing CMMC unique practices and all maturity processes. They have also revised the number of controls required for each of the three new levels. Level 1 includes 17 controls, Level 2 has 110 controls, and the total number of controls in Level 3 is still to be determined. There are also several other changes made that somewhat relax the requirements from CMMC 1.0.

Who Does CMMC Impact?

Manufacturers in the DIB are going to be held accountable to safeguard sensitive information and must comply with CMMC 2.0. Any contractor, subcontractor, supplier, or manufacturer that provides parts or services to the DoD or anyone within the DIB (no matter how minuscule) will need to comply with one of the three levels of CMMC compliance.

What Should Heat Treaters Be Doing Now?

Although CMMC 2.0 is still in the rulemaking phase, the new CMMC proposed rule is expected to be released sometime in mid-2023. This will give some much needed clarity on how to move forward and will help streamline the implementation of CMMC. Warnings will be issued to the DIB through DoD primes and will be passed down through the supply chain. Manufacturers that do not comply will be at risk of losing contracts.

If you (or your clients) are doing work for any DoD primes (or NASA), such as Raytheon, Lockheed Martin, McDonnell Douglas, Northrup Grumman, or L3Harris (and many more), then this applies to your business. If you are unsure, check the fine print in your contracts, and/or ask your clients about their requirements.

If you handle CUI in any way, you need to be at a CMMC Level 2 or Level 3. The most common level is Level 2. If you don’t handle CUI in any way, but you do handle FCI (Federal Contract Information), you will need to be certified at a Level 1.

On average, it can take a company of up to 100 employees between 12 to 18 months for NIST 800-171 (CMMC Level 2) implementation. Meaning, even though CMMC 2.0 is not completed yet, don’t wait until it is. You’re already a year behind if you haven’t started your NIST 800-171 implementations and you want to be ready for when the CMMC 2.0 rule is released

CMMC certification requires government oversight whereas NIST 800-171 compliance can be self-attested. You should always hire a qualified CMMC consultant to ensure that you’re “audit-ready” for your certification audit.

What’s the Difference Between FCI and CUI?

FCI is information not intended for public release. FCI is provided by or generated for the Federal Government under a contract to develop or deliver a product or service. CUI and FCI share important similarities and a particularly important distinction. Both CUI and FCI include information created or collected by or for the government, as well as information received from the government. However, while FCI is any information that is “not intended for public release,” CUI is information that requires safeguarding and may also be subject to dissemination controls. In short: All CUI in possession of a government contractor is FCI, but not all FCI is CUI.

About the Author:

Joe Coleman is the cybersecurity officer at Bluestreak Consulting™, which is a division of Bluestreak | Bright AM™. Joe has over 35 years of diverse manufacturing and engineering experience. His background includes extensive training in cybersecurity, a career as a machinist, machining manager, and an early additive manufacturing (AM) pioneer. Contact Joe at joe.coleman@go-throughput.com.

Find heat treating products and services when you search on Heat Treat Buyers Guide.com

Cybersecurity Desk: What Should Heat Treaters Be Doing NOW? Read More »

In Remembrance and Thankfulness

/ FEATURED NEWS, HEAT TREAT NEWS INDUSTRIES, OP-ED

Heat Treat Today would like to wish everyone a peaceful Memorial Day. The holiday, formerly known as Decoration Day, gives us all a time to reflect with gratefulness on those who have served our country well.

Our offices will be closed on Monday, May 29; and we will resume Tuesday morning, May 30. We grieve with those who have lost a loved one in the service of the U.S. military, and we look forward with joy to the future under the care of those who protect us. Thank you to those who have served.

If you, or someone you know, is a veteran and is also in the heat treat industry, we would like to know a little more about you. Please fill out the Heat Treat Veterans submission form to share the information about time in service. Thank you.

Have a blessed and safe holiday!

- The team at Heat Treat Today

In Remembrance and Thankfulness Read More »

Improving Your Use of Radiant Tubes, Part 4

/ BURNERS & COMBUSTION SYSTEMS TECHNICAL CONTENT, FEATURED NEWS, MANUFACTURING HEAT TREAT, OP-ED

op-ed

In previous months, this series has explored the geometry of a tube, why radiant tubes matter, what happens inside the tube, and radiant tube control systems. For the first three installments, check out Heat Treat Today’s digital editions in November 2022, December 2022, and February 2023. For the month of May, we will continue our discussion of different modes of control for radiant tube burners.

This column is a Combustion Corner feature written by John Clarke, technical director at Helios Electric Corporation, and appeared in Heat Treat Today’s May 2023 Sustainable Heat Treat Technologies print edition.

If you have suggestions for radiant tube topics you’d like John to explore for future Technical Tuesdays, please email Bethany@heattreattoday.com.

John B. Clarke
Technical Director
Helios Electric Corporation
Source: Helios Electric Corporation

High/low and on/off controls require different control strategies from a proportional mode of control. In all cases, we assume the temperature control will be provided by a proportional-integral-derivative loop (PID loop). The function can be provided by a stand-alone instrument or a PID function in a programmable or process controller. The PID algorithm looks not only at the temperature of the process as indicated by the control element (thermocouple or RTD) and compares it to the setpoint — but it also considers the offset and rate of change as well. When properly tuned, a PID control loop can provide control accurate enough to match the process (actual) temperature to the setpoint within a degree or two.

For the lay person, another way of describing a PID loop is to consider how a driver regulates the speed of his automobile. Assume you are driving and want to catch up with and follow the car ahead of you — to do so, you need to match that car’s speed and maintain a safe distance. What you don’t do is floor the automobile until you get to the desired following distance and then hit the brakes. What you do is first accelerate to a speed faster than the target car to close the gap, then you instinctively take your foot off the accelerator when you get close, slowing gradually until your speed and position are as you desire. In this example, you have considered your speed, how close you are to the car you are attempting to follow, and the rate at which you are closing the gap. A PID loop is nothing more than a mathematical model of these actions.

The PID control loop provides an output — the format can vary, but it is in essence a percent output. It is a percent of the maximum firing rate the system needs to provide to achieve and maintain the desired furnace temperature. This percent output can be translated directly into a proportional output for proportional control — where the firing rate is proportional to the loop’s output.

On/off or high/low controls require a different approach where a time proportioning output is provided in which the burner fires on and off on a fixed time cycle. In this mode of control, the PID loop’s output is multiplied by the cycle time to determine the on or high fire period and the on or high fire time is subtracted from the cycle time to determine the off or low fire period. Cycle times can run from as little as 30 seconds to as much as a few minutes. Obviously, the shorter the cycle time, the more responsive the control, but also the more wear on the control components. The cycle time should be as long as possible but still meet the needs of the process control.

Don’t confuse these pulses with other control methods that are marketed as pulse firing. When people speak of pulse firing, they often mean a pattern with alternate burners firing to provide greater temperature uniformity and heat transfer. This is a very interesting subject and the topic for another day.

Find heat treating products and services when you search on Heat Treat Buyers Guide.com

Improving Your Use of Radiant Tubes, Part 4 Read More »

Cybersecurity Desk: Have You Entered Your NIST 800-171 Self-Assessment Score into SPRS Yet?

/ CYBERSECURITY, FEATURED NEWS, OP-ED
op-ed

This sixth article in the series from the Cybersecurity Desk will give you a better understanding of how to submit your basic NIST 800-171 self-assessment score into SPRS (Supplier Performance Risk System).

Today’s read is a feature written by Joe Coleman, cybersecurity officer at Bluestreak Consulting™. This column is in Heat Treat Today’s March 2023 Aerospace Heat Treating print edition.

Introduction

This sixth article in the series from the Cybersecurity Desk will give you a better understanding of how to submit your basic NIST 800-171 self-assessment score into SPRS (Supplier Performance Risk System).

Why Should You Do This?

Joe Coleman
Cybersecurity Officer
Bluestreak Consulting™
Source: Bluestreak Consulting™

The Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7020 is one of the three newly released clauses (after the original 252.204-7012) of the DFARS 252.204-70 series (7019, 7020, 7021) in November 2020. DFARS 252.204-7019 is the “Notice of NIST 800-171 DoD Assessment Requirements”; whereas DFARS 7020 consists of the requirements alone. DFARS 7020 requires you to submit your basic NIST 800-171 self-assessment score to SPRS. Contractors and service providers are to provide the government access to its facilities, systems, and personnel any time the Department of Defense (DoD) is renewing or conducting a Medium or High assessment.

Once your self-assessment score has been submitted and accepted into SPRS, you will be eligible to be awarded contracts. Your score must remain in SPRS throughout the duration of the contract(s). You’ll need to show that you are working towards full compliance.

If a self-assessment score submitted to SPRS is required in order to win a contract, and you don’t have a self-assessment score in the system because you don’t have CUI, does that mean you will lose the contract? Maybe.

The requirement for NIST SP 800-171 DoD self-assessment is being enforced whether or not you have CUI. So, it makes sense to get started on this ASAP to position your company for additional business. Plus, having better cybersecurity controls in place is definitely a business best-practice.

How To Submit Your Basic Self-Assessment Score to SPRS

There are two ways to submit your basic self-assessment score to SPRS.

Option 1: Using email to send the information. Submitting your self-assessment score via email to SPRS includes the following steps:

  • Get an accurate NIST 800-171 Self-Assessment and Score. Conduct the self-assessment and obtain your score using cybersecurity professionals that carefully follow the required DoD Assessment Methodology for NIST Special Publication (SP) 800-171A.
  • Identify your SPRS “Scope of Assessment.” Your SPRS score submission will fall into one of three categories: Enterprise, Enclave, or Contracts.
  • Determine your expected completion date. The “Plan of Action Completion Date” must be determined according to your compliance project timelines.
  • Find your commercial and government entity CAGE codes. Your CAGE codes represent the part(s) of your organization included in the assessment and represented in the final System Security Plan (SSP) document.
  • Provide a brief description of the SSP format and system architecture.
  • Submit your self-assessment score to SPRS. To submit your score, send an email (optionally encrypted and signed) to webptsmh@navy.mil with the subject line “SPRS Self-Assessment Score Submission” in the exact format specified below:
    • Assessment date
    • Assessment score
    • Scope of assessment
    • Plan of action completion date
    • Included CAGE(s) codes
    • Name of System Security Plan (SSP) assessed
    • SSP version/revision
    • SSP date
    • Wait for email confirmation

Option 2: Using the PIEE (Procurement Integrated Enterprise Environment). 

Register a PIEE account at https://piee.eb.mil/. Once your business is registered, choose the SPRS link and follow all instructions. You will need to provide all the same information as shown in Option 1.

Funding & Cost Sharing May Be Available for Heat Treaters

With the huge push for stricter cybersecurity practices by the government and many businesses, cost sharing and funding sources have been identified that may cover a substantial percentage of the costs associated with these critical cybersecurity projects. Every state has at least one MEP (Manufacturing Extension Partnership). Many states are more than willing to help out with the cost of implementation.

About the Author:

Joe Coleman is the cybersecurity officer at Bluestreak Consulting™, which is a division of Bluestreak | Bright AM™. Joe has over 35 years of diverse manufacturing and engineering experience. His background includes extensive training in cybersecurity, a career as a machinist, machining manager, and an early additive manufacturing (AM) pioneer. Contact Joe at joe.coleman@go-throughput.com.

Find heat treating products and services when you search on Heat Treat Buyers Guide.com

Cybersecurity Desk: Have You Entered Your NIST 800-171 Self-Assessment Score into SPRS Yet? Read More »

New Sustainability & Decarbonization Initiatives for Heat Treat

/ FEATURED NEWS, HEAT TREAT ECONOMIC NEWS, OP-ED

op-ed

Searching for sustainability resources? Check out this first installment of the Sustainability Insights series, from the Industrial Heating Equipment Association (IHEA) for what’s available to in-house heat treaters across the industry.  

Discover the resources IHEA provides in their web-based Sustainability area and a new webinar series launching May 11.

One thing is certain, and it's that there is great deal of uncertainty about how to begin addressing issues of sustainability and decarbonization. As heat treaters begin to receive more and more questions about decarbonization, IHEA saw an opportunity to help the industry and began developing a variety of initiatives relating to sustainability and decarbonization in the industrial heating equipment industry. 

Getting Started with Sustainability 

Contact us with your Reader Feedback!

The first step towards decarbonization is understanding this is a topic that will not go away. While they may not see any immediate consequences, heat treaters need to at least begin preparing now for what is quickly approaching. Before long, clients are going to be demanding heat treaters show that they are lowering their carbon emissions. Thinking,This will not affect my business,” will be detrimental in the long term.  

IHEA recommends to start by considering efficiency and getting an initial assessment of carbon footprint. The fastest, easiest way to reduce carbon footprint is to burn less fuel by investing in efficiency improvements. As a side benefit, operating costs are also reduced. IHEA's current combustion courses do have content on efficiency and low carbon fuels and a webinar series specifically designed to help everyone understand how to determine their initial accounting of their carbon footprint. 

Future Plans 

The deeper driving forces that will affect our industry regarding sustainability are regulations, incentives, and energy economics. Rapidly changing environmental policy, growing technology incentives, and a shifting relative cost of fuels (and alternate fuel options like hydrogen) are opening new pathways for businesses to factor carbon footprint and sustainability into their operations. 

Because of these upcoming changes, IHEA is developing a wide array of services and tools that will help those looking to lower carbon emissions determine the best approaches for their heat treat facilities. An entirely new body of content will be developed that will be at the leading edge of this industrial revolution.  

To kick things off, IHEA has developed a Sustainability area on their website that features the foundation of information the industry needs. The Sustainability area includes the following sections: Sustainability FAQs, Sustainability Terms & Definitions, and Sustainability Resources. The Sustainability section will continue to expand by adding content and resources on a regular basis.

Additionally, IHEA is launching a series of webinars that will start the process of walking companies through the complicated issues related to decarbonization: 

  • May 11: Thermal Processing Carbon Footprint (click to register/read more)
  • June 15: Defining Greenhouse Gas (GHG) Emissions to Target NET-ZERO 
  • July 20: DOE Tools and Programs for GHG Reduction 
  • August 24: Ongoing Sustainability: Industry Best Practices for Continual Improvement 

The goal is to provide unbiased education for everyone involved in the process heating industry. The webinars are complimentary. Visit www.ihea.org and click on the "EVENTS & TRAINING" tab.  

Brian Kelly
President at Honeywell Thermal Solutions

Recently elected IHEA President Brian Kelly of Honeywell Thermal Solutions says, “IHEA is taking a leadership role because we see that this will be an ongoing and changing landscape for the industry for years to come. With the years of collective expertise of our membership we feel that we can provide information, education, and guidance to help everyone navigate what is sure to be a challenging environment.” Kelly continued by saying, “In the end, we want to be a source to count on to help our entire industry in their sustainability journey as it will be a long and winding road that will be different for everyone.” 

For more information:

Visit www.ihea.org. 

Find heat treating products and services when you search on Heat Treat Buyers Guide.com

 

New Sustainability & Decarbonization Initiatives for Heat Treat Read More »