Lost In Transfer. How To Safely Transfer Data From Machine-Tool Equipment To Business Systems

We are living in the age of the Fourth Industrial Revolution (Industry 4.0), with cyberphysical systems being introduced into factory processes everywhere. “Voiced a decade ago, today the initiative to boost the industry’s competitive power by enhancing the connection between the plant floor and business systems has become a reality for the Russian industry,” points out Cinimex’s CEO Andrey Sykulev. “Talking to customers from the manufacturing sector, we are seeing a growing need for interaction between their IT systems.” The expert explains that so far, the digital transformation has been rather fragmented. First, the companies implement an ERP system (Enterprise Resource Planning). Next, they get a lifecycle management system. Finally, at a certain stage of digital maturity, they get to the point when, on one hand, they see a need, and on the other – they have resources to connect their systems, which results in an enhanced inflow of orders, reduced downtime and, ultimately a tangible financial gain.

For an end-to-end project, you need not only a certain level of digital maturity, but also partners that can configure data capture according to company’s requirements and ensure secure data transfer to the business systems. JSC Lenpoligrafmash (Saint Petersburg) was able to make a small technological revolution at an isolated manufacturing facility with help of Cinimex (integrator) and NPO “Adaptive Industrial Technologies” (Aprotech, a subsidiary of Kaspersky Lab, which helps businesses to ensure a cyber-safe digital transformation), which assisted in “translating” data from machines to 1C in a secure environment.

Connecting machine-tools with accounting department

Frol Goryachev, Deputy General Director of KT-Segment (an IT division of Lenpoligrafmash), told Vedomosti that the factory approached implementation of a new solution that enables transfer of operational machinery data with a relatively high level of digital maturity. Lenpoligrafmash had already implemented a MES (Manufacturing Execution System) software, (which serves for synchronization, coordination, analysis, planning and optimization of manufacturing processes – “Vedomosti”), an ERP system, and a PDM system, which was used to automate design engineering processes. And yet, all data was entered manually, the company had no other means for transferring data.

“The manufacturing facility was steadily growing, and there came a time when we needed to have unbiased operational data from the machines, so that we could analyze our assets’ uptime and plan operations,” explained Frol Goryachev.

The expert provided an example: imagine that part of our manufacturing capacities are fully loaded, and we receive a new order for a batch of parts. We need to understand whether the factory can take another order. “At no manufacturing facility this decision can be based on what a plant floor manager “believes”, his rough guess on when the machine could be free”, points out the expert. “We needed to get a full picture of the manufacturing facility through an integrated system, so we know exactly how loaded is the machinery, and what will happen if we add more load.”

Another global goal pursued within the implementation of the end-to-end project was to enable the analysis of losses and deficiencies, and eventually find ways to rectify them, whether by adjusting technologies, or purchasing new equipment, or hiring new staff, or repairing the machinery and etc.

“Automatic data transfer to 1C has also taken us to a new level of opportunities when it comes to risk management and enhancing performance of other systems such as MES. With operational information from the plant floor, our planning system can make more accurate plans,” explains Frol Goryachev.

Connecting two worlds

The solution deployed in Lenpoligrafmash connects directly to the chip in the machine, captures data using the OPC UA protocol and sends it for further analysis, processing and translation into business metrics.

But to connect the two worlds ‒ the operational technology (OT) and information systems (IT), you need a “translator”, as industrial protocols are not compatible with business systems. “This means that data from the machinery needs to be converted into a format read by business systems. In case of Lenpoligrafmash, the format is 1С,” explains Andrey Sykulev. “To that end, Lenpoligrafmash used a so called message broker that accumulates all information gathered from the machine tools and 1C IIOT integration adapters that convert data.” Data “translation” is not the only challenge, we also need to make sure that the connection between OT and IT is secure. The OT and the IT are often located in different places both physically and virtually, and the space between them is swarming with viruses and cyber risks. Also, the OT is frequently restricted when it comes to going outside the internal contour.

“From our integrator experience, we are well aware of the importance of cyber security aspects of data transfer, they need to be factored in the solution as soon as the design stage,” Andrey Sykulev emphasizes. “If we don’t think the security aspect through early on, we would still have to integrate the cyber security solutions some time later, but it would cost us much more, exponentially more”.

Data transfer security for Lenpoligrafmash was enabled by an industrial data gateway Kaspersky IoT Secure Gateway 100. “This gateway is dual function: data transfer and cyber security of the connected devices and information transferred,” explains Aprotech CEO Maxim Karpukhin. “The gateway is built on KasperskyOS, which tightly integrates with the hardware component. The system’s correct operation cannot be disrupted even by an aggressive environment. In other words, the gateway is cyber-immune – it has an inbuilt resistance to cyberattacks, without any additional security tools. Therefore, it protects data from compromise and interception, as it is strictly transmitted in one direction only (owing to which the equipment is proof against unsanctioned connections from outside the network).”

The pilot phase is going strong

For now, only two of Lenpoligrafmash’s machine assets are sending data to 1C, the company is still testing the new functionality and studying the range of data that can be captured. “The system is under development, but we on the final stage of deployment,” explains Frol Goryachev.

According to Andrey Sykulev, an end-to-end solution is always implemented gradually, there has to be a pilot stage featuring very limited equipment. “The minimum time frame for a pilot is normally at least a month”, says Andrey Sykulev. “But we actually need this time not to test the system’s cyber immunity, because data security is innate,” explains Maxim Karpukhin. “The pilot stage is meant to demonstrate the value of the gathered information for business and identify the data that can provide the fullest idea about the manufacturing operations, and sometimes, you can only figure it out empirically.”

For instance, continues the expert, sometimes, information about the operating spindle time at a specific factory may not give a full picture, while other metrics such as electricity consumption or men-hours per shift can be critical for decision-making purposes. “By slightly reconfiguring the gateway, you can change the type of data it gathers,” explains Maxim Karpukhin. “But the most challenging part of such end-to-end solutions is to “marry” business and technology and identify which type of data present analytical value.” Normally, according to the expert, even when IIOT data collection is activated, only 15% of the data is collected (and most of it refers to whether the machine is running or not), the rest of the data simply perishes. Proper business analysis and operational performance evaluation requires a lot more information.

That said, according to Andrey Sykulev, every manufacturing facility would collect a different set of IIOT data, based on the client’s needs. Therefor, the value from implementing an end-to-end solution can vary from one enterprise to another. Some may see a 30% increase in revenue, others will register less impressive outcomes. Lenpoligrafmash have made their own assessment”.

“I can give you an example of losses evaluation,” says Frol Goryachev. “We took the two-week pilot phase, one machine, and calculated total losses – around 35,000 for two weeks”. Therefore, according to the expert, a small plant floor with 10 machines could see hundreds of thousands of rubles in downtime losses for two weeks, and year-end statistics would notch millions of rubles. “But the good news is that these losses are preventable, we have ideas on how they can be eliminated. But we would never be able to make the right decision without accurate operational data we now have owing to the end-to-end project,” points out Frol Goryachev.

In the near future...

So far, the Lenpoligrafmash project looks like an isolated revolution, there are still very few solutions for connecting OT and IT with inbuilt cyber immunity available on the market. “The first cyber immune gateway based on KasperskyOS appeared in 2021, and that was when we met Lenpoligrafmash and started tests,” says Maxim Karpukhin. But, according to Andrey Sykulev, these products are the future: “In the foreseeable future, when we will have gathered extensive experience with such integrations, there will be box solutions, which will make end-to-end projects significantly simpler and more affordable.”

Experts believe that the most promising sectors for end-to-end projects are those with advanced level of digital maturity such as machine industry, petroleum production, and mining industry. “These are the industries where evaluation of losses even in minor numbers can lead to substantial changes in marginality of end product,” says Maxim Karpukhin.

Источник: Vedomosti