Matrix started with a Pre-engineering phase and outlined what is needed to provide connectivity for the assets within the plant based on the use cases and requirements identified by the MES team. The engineering scope included connecting the assets identified in the pre-engineering phase to the data points required to provide plant-level visibility into current operations. Matrix’s design included adding a data concentrator PLC for the seven extrusion towers and mapping data from 40 assets on the various conversion lines. Many of these assets required the implementation of new network equipment, such as managed switches and even a wireless bridge, to communicate with devices inside a turret that continually spins with devices (assets) that need to be monitored from the MES system. Other assets were missing instrumentation, such as encoders and limit switches, which were key in collecting the required data for MES. Matrix worked with the plant to specify, set up, and install these required instrumentation pieces. Tag data was mapped in the PLCs using a common UDT structure that could be connected to object templates within the MES system. Once all the assets were connected from the PLCs to the network, data was mapped from a Kepware OPC server acting as a data gateway for the plant.

One of the important issues in this project was maintaining that the data for the plant floor was available only to the MES system using the OT network. To ensure that this traffic did not leave the OT network, we used VLANs on the OT-managed switches, and only computers directly attached to the OT network and the corresponding VLAN could capture this data.

Finally, Matrix worked with the plant to validate all the work done. We verified each connected asset as showing the correct information on the MES dashboard before the project “go live”. This iterative process involved jogging each asset through its various states and ensuring the correct instrument and data were captured on the dashboard. Additionally, production information, such as units produced, had to be validated as physically correct and matching in the MES. The last piece to “wrap” it all together was the changes to the palletization process. With the implementation of a new corner-applied pallet label, the information to be printed had to come from the MES. This involved the implementation of specialized printing software and programming changes to the overall flow of the palletizer process.

Considerations should be made when connecting to the plant floor assets at all times even when collecting data. Matrix has a department that specializes in networking and cyber security. Matrix’s Manufacturing Systems Infrastructure (MSI) department has put together some of the following considerations when setting up a connection to the plant floor.

One of the most essential items for any manufacturer should be monitoring their networks or having their networks monitored 24/7/365.

Stay current on the latest trends and training around bad actors and the superbugs that can be created daily. Plan your work and work your plan. Planning today for the future is an absolute must, especially if you’re looking to advance your digital transformation journey. A best-practices roadmap should include these four aspects:

1. Network mapping and connectivity analysis. Networking mapping helps you stay in touch with your system in real time (ideally). It provides the big picture of what is on your network and how it’s physically connected. Depending on the type of software and integration with the physical and logical infrastructure, it can give users things like a network inventory and how network devices are connected (to what switch and port). It may also be able to offer application visibility giving real-time insight into how devices are communicating. You need to know what you have and how it’s connected before you can protect it.

2. Consider installing a security information and event management (SIEM) system. An SIEM is a system that collects information from monitored nodes on a network. It contains the logic to take further action, such as creating notifications when it sees correlated bits of information that meet a certain criterion. The SIEM is one of the tools in establishing visibility into the day-to-day operations of the system, especially when needing to correlate events across multiple endpoints.

3. Consider multi-factor authentication (MFA) tools or some level of zero-trust framework. Multi-factor authentication increases the difficulty of bad actors being able to impersonate a user. Many systems get compromised using legitimate credentials that were stolen, often first from a lower privileged user. Once a baseline connectivity is established, a threat actor will then seek to gain elevated privileges to give them an authoritative foothold. By increasing the difficulty of exploiting stolen credentials, these types of attack can be reduced.

4. Research and select the right remote access tools. The right tool/remote access solution will have the following capabilities:

• Strong logging
• Multi-factor authentication
• Strict access control (who can connect, from what to what, when they can connect, from where can they connect, etc.)
• Encrypted communication
• Environmental governance (the remote user should not depend on anything residing on the device they are using to initiate the remote connection to perform tasks) All tools needed should be controlled and reside within the control system, the exception being the connection client itself.

Contact us today to learn more about how Matrix Technologies, Inc. can help you unlock the next frontier of manufacturing excellence. Together, let's turn data into action and transform the future of manufacturing.