Today’s News from Abroad installment highlights global accomplishments from pilot programs in gas recovery and a successful trial run of biomass usage in ferrochrome making to the first electric furnace for luxury bottles and state-of-the-art furnace upgrades – all with a goal of achieving production efficiency and sustainability.
Heat TreatTodaypartners with two international publications to deliver the latest news, tech tips, and cutting-edge articles that will serve our audience — manufacturers with in-house heat treat. heat processing, a Vulkan-Verlag GmbH publication, serves mostly the European and Asian heat treat markets, and Furnaces International, a Quartz Business Media publication, primarily serves the English-speaking globe.
Bolstering Sustainable Operations with Cutting Edge Gas Recovery
Industrial hydrogen recovery plant with process piping and equipment Source: Outokumpu
“Outokumpu, a supplier of sustainable stainless steel, and ON2Quest, an innovator in the field of industrial gas purification and generation, are piloting a cutting-edge gas recovery system that will enable the recovery of hydrogen from their production processes. The collaboration aims to enhance sustainable operational efficiency by integrating hydrogen recovery into the stainless steel production cycle at Outokumpu’s production plant in Krefeld, Germany. The gas recovery system is designed to recover hydrogen – a by-product of the stainless steel manufacturing process – where the gas will undergo a rigorous cleaning and compression process to ensure that it will be suitable for use again. The purified hydrogen will then be blended with natural gas, creating a hybrid fuel that will be used to power the burners.”
Reinforcing Capacities with State-of-the-Art Furnace Upgrades
Speira upgrades its plants in Grevenbroich and Töging with two new furnaces each. Source: Speira
“Speira, a European aluminum rolling and recycling company, is upgrading its plants in Grevenbroich and Töging with two new furnaces each, replacing the previous units with state-of-the-art systems. With the four tiltable rotary furnaces, the aluminum recycler is reinforcing its capacities specifically for the recycling of so-called ‘low grades’ such as heavily contaminated scrap and dross produced during the melting process. ‘We take a holistic view of our contribution to a functioning circular economy. That’s why we don’t just look at the pure, easy-to-recycle scraps, but also at the more difficult lower grades and by-products. Wherever aluminum is in it, we want to get the maximum out of it and put it back into the cycle,’ explains Ralf Köring, Head of Recycling Services, which are provided for Speira’s other business areas as well as for external customers, for example in the automotive and packaging industries. Speira is investing around eleven million euros in the four furnaces. This includes charging machines, suction hoods, thermal afterburners, piping and other infrastructure.”
Biomass Usage in Ferrochrome Trial Marks Progress in Reducing Carbon Footprint
Tata successfully conducts trial of biomass usage at Ferrochrome Plant. Source: Tata Steel
“Tata Steel, has successfully conducted the trial of biomass usage in ferrochrome making at its Ferrochrome Plant in Athagarh of Odisha’s Cuttack district. The plant, operating under the Ferro Alloys and Minerals Division (FAMD) of the company, becomes first in India to have performed the trial run as part of its sustainable alternative to traditional carbon sources. Marking a significant step towards sustainable ferrochrome production and reducing the carbon footprint, the trial involved substitution of conventional fossil fuels with biomass, a renewable energy source derived from organic materials. This initiative is expected to lower CO2 emission by 0.08/t of Ferrochrome (5% use of biomass) which is around 6% of total CO2 emission from Ferrochrome plant.”
France’s First Electric Furnace To Impact Sourcing Green Energy
Groupe Pochet and ABO Wind join forces to source first electric furnace in France. Source: Groupe Prochet
“Groupe Pochet and ABO Wind announce the signing of a power purchase agreement (PPA) for the commissioning of the developer’s largest photovoltaic (PV) park in France. The PV park, with an installed capacity of around 20 MWp, will be in operation by early 2025, and will accompany the project to build France’s first electric furnace for luxury bottles. Through this agreement, Groupe Pochet is acting to reduce its impact on the planet by sourcing green energy and securing the long-term purchase price of electricity. Pursuing its ‘Sustainable Beauty’ CSR roadmap, and in line with its decarbonization plan, Groupe Pochet has teamed up with ABO Wind, a major player in the development of renewable energies worldwide, by signing a 20-year Power Purchase Agreement. As a major project under the decarbonization plan, the electric furnace, which will be operational by the end of 2024, will be partly supplied by green energy from the future photovoltaic plant.”
Adamus, a punch tool manufacturer for the pharmaceutical industry, has enhanced its heat treating operations with a vacuum furnace. The company manufactures punch tools and spare parts for tablet presses, capsule presses, and blister machines, and the new furnace is intended for processing a wide range of punches used in tablet production.
Maciej Korecki Vice President, Vacuum Furnace Segment SECO/WARWICK Source: SECO/WARWICK
“Adamus contacted us for the fourth time,” said Maciej Korecki, vice president of the vacuum furnaces segment at SECO/WARWICK. “This time, the partner wanted to replace an older, inefficient vacuum furnace with oil hardening, with a modern, more ecological and more economical vacuum furnace with gas hardening. Vector will perfectly meet these needs. It is compact, so it will not take up much space, it is efficient and ensures process purity, which is extremely important in the pharmaceutical industry.”
Vector vacuum furnace Source: SECO/WARWICK
The Vector vacuum furnace on order solves Adamus’s challenge to grow production in order to meet their increased demand for the number of punch hardening processes for tablet production. The presses produce components that are integral to the manufacturing process in the pharmaceutical industry, which maintains demanding standards, procedures, and technical parameters.
“The challenge is the constantly growing demand for our punches and spare parts used for units operating in pharmaceutical plants,” said a representative of Adamus, based in Poland. “However, it is important to choose well-thought-out solutions which will be used in many processes when expanding the machine park, ensuring the highest quality of production.”
The press release is available in its original form here.
Joe Coleman, cybersecurity officer at Bluestreak Compliance, discusses critical aspects of NIST 800-171 and CMMC with host Doug Glenn. Joe touches on how to become compliant, how long compliance takes, compliance pricing, and the limitations companies may face if not compliant. Learn more in this episode of Heat TreatRadio.
Below, you can watch the video, listen to the podcast by clicking on the audio play button, or read an edited transcript.
The following transcript has been edited for your reading enjoyment.
What Is CMMC? (03:34)
Doug Glenn: Let’s jump in. Cybersecurity, while it’s not unique to heat treaters, is across all manufacturing sectors. But there are some unique elements of it that tie into the metal treating industry.
Let’s start with some basic definitions for those who don’t know: What is CMMC and what’s the purpose of it?
Joe Coleman: CMMC stands for Cybersecurity Maturity Model Certification. And we’re currently on version 2.0. It’s a verification program to ensure that defense contractors and subcontractors are able to protect sensitive information from the DoD (Department of Defense). That includes FCI, which is federal contract information, and CUI — or some people call it “coui” — which is Controlled Unclassified Information.
Cybersecurity acronyms “cheat sheet” available as a free download. Click on the image for a link.
It’s going to affect about 300,000 companies in the U.S. Also, it’s going to start impacting companies later this year or early next year. That’s when it’s said to be fully released, and they’ll start adding it to contracts and RFQs and things like that.
Doug Glenn: So, in CMMC 2.0 version, the DoD is asking companies, “Do you comply with CMMC 2.0?”
Joe Coleman: Rather, it is saying you must comply by 2025 and at a certain level; there are three levels.
Doug Glenn: What are these requirements based on?
Joe Coleman: DFARS 252.204-7012 was implemented in 2016. In it, they were saying that people must be NIST 800-171 compliant by December 2017. If you’re not, you’re way behind the ball. They just haven’t pushed it until recently. Now they’re really pushing it. It’s based on NIST 800-171 recommendations — that’s Rev 2, and a subset of NIST 800-172.
Doug Glenn: You mentioned DFARS. Can you just briefly explain that?
Joe Coleman: DFARS is Defense Federal Acquisition Regulation Supplement.
Doug Glenn: Also, I’m kind of curious about this: Who’s actually pushing it? Is it the Department of Defense, or is it government in general, or is it controlled by (kind of like Nadcap and things of that sort) an independent organization outside of the federal government?
Joe Coleman: No, CMMC does cover other things, but it’s mostly by the DoD. They are the ones pushing itbecause of foreign adversaries stealing our information and ransomware attacks and things like that.
Doug Glenn: Right, okay. So that’s CMMC 2.0. Is NIST 800-171 is a sub part of that, or is NIST 800-171 something different?
Joe Coleman: That’s something different. NIST 800-171 is published by the National Institute of Standards and Technologies. DoD doesn’t have a lot to do with NIST. They are two different standards; the DoD is just borrowing NIST 800-171 for CMMC’s requirements.
Doug Glenn: I see. They’re using NIST’s package that’s already there as part of their requirement.
I think you’ve already kind of hit on it, but let’s just be explicit about it. What started the push by the DoD to require CMMC or require any type of enhanced security?
Joe Coleman: The DoD finally realized just how vulnerable defense contractors are and how vulnerable their computer systems and networks are to cyberattacks and to sensitive information being leaked by the DoD or contractors, that kind of thing. They’re trying to pull everything together to improve national security and to help secure this important data.
Doug Glenn: So, in a sense, it’s really the DoD just trying to cover their rear end, so to speak, and protect sensitive, national defense type information.
What Is DFARS? (08:45)
We talked about DFARs briefly. I’ve heard a DFARS interim rule mentioned. What is that?
Defining DFARS
Joe Coleman: That came about in November of 2020. It plays along with the DFARS 7012 — 252.204-7012. They came up with three new clauses to improve how cybersecurity is handled and enforced.
The first one is clause 252.204-7019. It mandates that you when you do your assessment: you come up with an assessment score based on 110 controls, and your score can be from a positive 110 (the perfect score) to a negative 203. That score needs to be turned into the SPRS, the Supplier Performance Risk System, so other companies can see what your score is.
So, 7019 mandates that you do turn in your score and that it can be no older than three years old. They are requesting that if they say you’re DFARS-required on a contract, things like that, you need to be NIST 800-171 compliant.
The next one is 252.204-7020. And that one states that you have to give full access to your company — your internet system, your IT, all of your information, and your employees, if they decide to come in and do a medium or high assessment or just an audit. You will have to turn over that control to them.
Joe Coleman: There are three different levels of assessments that can be done under NIST 800-171. There is a basic level which you attest yourself. It’s all self-attestation for NIST 800-171. There’s a medium level which means you have to have a DoD official come in and do your final assessment. And then there’s a high, which you also need a DoD official to come in and do that. The majority of them are basics, which you can self-attest to.
Doug Glenn: How does a company know if they need to even have the CMMC?
Joe Coleman: If your company is a defense contractor, subcontractor, vendor/supplier, or if you’re in the DIB (the defense industrial base), you will need to be compliant if you process, store, transmit, or handle FCI or CUI in any way. If you handle CUI or FCI, you must become CMMC certified at one level or another.
Doug Glenn: Let’s just take an example. Say I’m almost third tier down in a supply chain, and the guy I’m doing business for is obviously doing defense work. Do I need to be CMMC certified at that point, even on the basic level?
Joe Coleman: Well, it depends on what type of data you’re handling. There is a flow down process. It starts with the prime contractor. Then it goes to the contractor and then on down the line. And if you are dealing with CUI or FCI, you need to have that same certification level as your client or as your contractor.
Doug Glenn: Would my client in that case, the person I’m doing business with, would it be incumbent upon them to tell me that I am dealing with FCI or CUI?
Joe Coleman: Yes. It would be in your contract.
Doug Glenn: If someone listening has a specific question about whether they’re required, I’m sure they could contact you and you could probably help them on that just to make sure.
Joe Coleman: Anytime. I also have an ebook that I made that is ready to be sent out, so I can always send them a free copy of that.
Doug Glenn: Now, I think you’ve already answered this question, but how many maturity levels are in CMMC and what are they?
Joe Coleman: A little, there are three levels. There is level one, which is the foundational level, and that is for contractors or vendors or suppliers that deal with only FCI. They do not deal with CUI. So, there’s a much smaller set of requirements for level one. And about 60% of the 300,000 companies will be going for level one.
Then there’s level two, which is advanced, and that is for contractors and vendors and suppliers that deal with CUI in any way. It can come in an email and leave. But as long as they have access to CUI, they need to be at least a level two certification. And there are about 80,000 companies that are going to be impacted by that of the 300,000.
Level three is expert, and level three is based on the 110 controls in NIST 800-171 plus a subset of controls that are in 800-172. Level two mirrors NIST 800-171. It’s borrowing all the requirements from NIST 800-171, enhancing them a little bit, and putting them into CMMC. So, there are a few more hoops you have to jump through to be CMMC certified.
Doug Glenn: We’ve talked about two different sets of levels. We talked about a basic, medium, and high. And then we talked about level one, two, and three. Are these things the same or are they different? Can you help me understand the difference between those?
Joe Coleman: The basic, medium, and high is an assessment level that assesses your whole system and facility, and that’s based on NIST 800-171. CMMC, you have three different maturity levels, and that’s level one, level two, and level three.
Doug Glenn: When you say maturity levels, that shows the degree to which your company has gone to implement these things.
Joe Coleman: Yes. It is a certification.
On CMMC level one, you can self-attest your own certification. Level two and level three, you will have to have it’s called C3PAO (or a CMMC third-party assessment organization). They will have to come in and do your final assessment. Bluestreak Compliance can take you all the way to that assessment audit ready. But then you’ll have to have a C3PAO come in and do the final audit and the certification level.
Doug Glenn: That was going to be one of my questions because you guys mentioned that you’re a registered practitioner organization. You don’t actually do the assessments, but you can get everybody up to the door, right? You prepare them for it?
Joe Coleman: Yes. You would need a CMMC certified assessor to do that.
Doug Glenn: All right. And when is all this going to be required? Right now, it’s not required but it will be required?
CMMC: Mark Your Calendars! Companies will need to prepare for the eventual implementation of CMMC level two certification. A phased rollout is planned to simplify the process; however, a shortage of registered practitioner organizations (RPO) may lead to a backlog.
Joe Coleman: CMMC is not required currently. It’s in the last phase of being released for approval. Either late this year or early next year, it’s going to be a phased rollout. Later this year or early next year, you’re going to have phase one, which is that if you need to be level one certified, you will need to become certified right away. That’s the one you can self-attest.
Six months after that, they’re going to start requiring that CMMC level two is implemented. This means you’ll have to go through the process of getting a C3PAO. And that’s when it comes time to hire an RPO (registered practitioner organization), because they’ve got the training and the certification to get you there.
Now, one thing on the C3PAO: there are currently only 54 C3PAOs in the entire country. So, there’s going to be a huge backlog. You could be talking a year backlog, so plan accordingly.
Finally, at level three, an enhanced version of level two because it has more requirements, you’re also requiring a C3PAO for certification.
What’s Involved in Becoming NIST Compliant? (21:14)
Doug Glenn: Joe, let’s talk for a second about the process, if you will. What’s involved in becoming CMMC certified?
Joe Coleman: That all depends on if you are NIST 800-171 compliant already. If you are not NIST compliant already, you need to get NIST compliant as soon as possible. That has a big impact on your CMMC implementation.
Doug Glenn: Can you address that then: What do you have to do to become NIST compliant?
Joe Coleman: To become compliant, you have to do an assessment on your network and your facilities to come up with an assessment score. So, it’s the same as CMMC.
Then, you will have to do a gap analysis. You will come up with a POAM list (a plan of action and milestones); that is your to-do list based on your assessment, your shortcomings, or what you’re not compliant to. And you’ll need to come up with a system security plan (an SSP). That’s mandatory; you cannot be compliant without an SSP.
Once you get your SSP and your POAM list, then you need to take your score, your beginning score/baseline score, and submit that to the SPRS. And that is the library that holds all of the scores and shows your level.
From there, you start remediating and implementing your POAM list. But that also includes coming up with policies and procedures, plans, and a lot of documentation — everything gets documented based on where you stand and where you’re going, until the end when you do your final score.
Now, the SSP is a living document. It’s going to constantly change. If you have a change in your network, a major change, you’ll need to go in and update that right away.
How To Become CMMC Compliant? (23:46)
Doug Glenn: So that’s how you get to be NIST compliant. For CMMC, is there more to it?
Joe Coleman: There’s a few more requirements in CMMC, but the major difference is that with NIST 800-171 it’s all self-attestation. CMMC you will need to have a C3PAO.
Doug Glenn: That is, somebody’s going to need an outside validator, so to speak.
Joe Coleman: And they’re very expensive.
Now, another reason they came up with CMMC is because people were saying that they were compliant to NIST 800-171, and they really weren’t. That gets into the False Claims Act and things like that. They really go after people that do that.
Doug Glenn: Yeah. Any sense of the time frame for either becoming NIST compliant and/or CMMC compliant?
Joe Coleman: If you are not NIST compliant yet, that can take up to 6 to 12 months. I’ve seen it take more. You can do CMMC and NIST together if you need to because you’re using the same documents. If you’re not NIST compliant, that can take up to 18 months or more. If you are NIST compliant already, you’re talking 6 to 12 months to be CMMC certified.
Joe discusses the limitations of not being NIST compliant.
Doug Glenn: Okay. You just alluded to it, but I just want to make it clear. Can you do them both at the same time in parallel tracks?
Joe Coleman: Yeah, I’m working with clients that are not currently NIST compliant. So, we’re just rolling it into one using the same documents. It’s just that we’ll have to have a different assessor at the end.
Doug Glenn: Let’s say a company just decides they’re not going to be either NIST or CMMC compliant. You can still be a company, right?
Joe Coleman: Oh yeah, you can still do business; you just can’t do business with the DoD. A lot of companies base it on how much of their workload or how much of their business percentage is based on DoD work or from a contractor or subcontractor. If it’s 1%, 2%, 3%, 5%, you need to take a good hard look and say, is it worth putting a lot of money into?
Cost of Certification (26:52)
Doug Glenn: So, they can still be in business and doing well, but they just can’t do any DoD work. So, any ballpark figures? And I realize this probably varies widely depending on the size of the company and everything, but any ballpark sense of how much change we’re talking about here?
Joe Coleman: There’s no official word from the DoD on this, but there are some guesses out there. For NIST 800-171 compliance, depending on your current cybersecurity program that you currently have and how involved it is, I’ve seen it from $15,000 to $60,000.
Doug Glenn: Okay. That’s just for NIST?
Joe Coleman: Just for NIST. For CMMC, and again depending on if you’re NIST compliant, if you are not NIST compliant you’re going to do them together, it could be over $200K (probably easily) to become CMMC certified because you’re also becoming NIST compliant.
Doug Glenn: I’m curious. How come it’s going to cost you maybe 3x as much?
Joe Coleman: One of the main reasons is that with CMMC, you’ll want to hire a registered practitioner organization to guide you through the process and to do the documentation for you. The other is the C3PAO. There are only 54, and they can name their own price.
I can imagine it’s going to be over $100K just for the final assessment.
Doug Glenn: Right, that’s helpful. I think that gives everybody a pretty good sense of what we’re talking about here with CMMC 2.0 and NIST 800-171.
What Can a Registered Practitioner Do for You? (29:02)
Your division of your company, which is Bluestreak Compliance (you’ve already mentioned you’re a registered practitioner), can you give a brief summary of what it is? What do you guys bring to the table?
Joe Coleman: A registered practitioner organization has been certified by the Cyber Accreditation Board (Cyber AB), or CMMC accreditation body. A registered practitioner organization (RPO) works with and hires RPs (registered practitioners) or RPAs (registered practitioner advanced). I happen to be an RPA. And we’ve gone through all the training that we need to have so that the Cyber AB says, okay, you are qualified to do this.
So, when I quote a job, I usually quote it two different ways. One way is just guiding you through the process, so you’re going to do all the heavy lifting. I can supply you with templates and things like that for your documentation and guide you through each step. Or I can quote it where we manage the whole process. We will do all your documentation for you.
Joe Coleman: “You’re going to have at least 1 or 2 full-time employees doing nothing but this.”
Your team will have to be involved in the implementation process. And that’s true both ways. But we normally quote it two different ways, and they choose which one they want based on their budget and things like that.
Doug Glenn: It sounds like what you’re bringing to the table is the ability to get that company from where they are now, wherever they self-assess to start with, up to the point where they can bring in one of the third-party auditors and actually have a reasonable shot at passing the CMMC 2.0 assessment.
Joe Coleman: Correct. And it’s going to take a lot of input from the client or from the companies, too, because you’re going to have at least 1 or 2 full-time employees doing nothing but this. You’ve got to build that cost into it.
That’s what I tell people when we say we can quote it either guiding you or leading the project. It’s not as much work if I am leading the project. But if I’m not leading the project, you’re going to need a team of people to do this. It’s a lot of work.
Cybersecurity Areas To Be Aware Of (31:48)
Doug Glenn: I’m not sure there is an easy answer to this question, but can you give a list of top 3 to 4, or 4 to 5, areas that a company needs to look at when they start doing the NIST and CMMC checklists? Where do you see most companies falling down, or what are the areas they need to be aware of?
Joe Coleman: A lot of the smaller companies do not have a robust cybersecurity program. That is going to be a big pitfall. That’s going to be a big jump for them, not just the work that they have to put into it, but the expense; a lot of small companies just can’t afford that.
Joe Coleman: Some of the things are making sure that your network is totally secure and locked down, firewalls. Along with that, you’re going to need endpoint protection on all your devices, mobile device manager. You’re going to have to track every device that has access or could have access to CUI. You have to have a full inventory of that. Your IT system has to be locked down.
Now, this also includes your facility; it includes physical security. That’s talking about your door locks, your alarm systems, things that are going to protect CUI. Camera systems, your server rooms have to be locked down. It’s a lot of physical security, too.
Doug Glenn: Interesting. As well as the protocols for how you handle emails, how data is transferred, where it’s stored, and backups, stuff like that?
Joe Coleman:Yes. And you need to have a policy and a procedure for each one of those. They have to be fully documented every step of the way.
Doug Glenn: Wow. Okay. Sounds like fun, Joe.
Joe Coleman: It is. I enjoy it, but it’s a lot of work.
Doug Glenn: Well, that’s good, I appreciate it. The columns and things that you’ve written for our publication have been helpful to people, I know. And I think this podcast will also be helpful to them. But do you know, for those who are listening and might be attending Furnaces North America, do you know when your talk is?
Joe Coleman: It’s going to be on the 16th at 8:50 a.m., and it’s in room 222.
Doug Glenn: All right.
All right, Joe. Thank you very much. I appreciate your time. We’ll look forward to more of your input.
Thanks everyone for listening.
About The Guest
Joe Coleman Cyber Security Officer Bluestreak Consulting
Joe Coleman is the cybersecurity officer at Bluestreak Compliance, which is a division of Bluestreak | Bright AM™. Joe has over 35 years of diverse manufacturing and engineering experience. His background includes extensive training in cybersecurity, a career as a machinist, machining manager, and an early additive manufacturing (AM) pioneer. Joe will be speaking at the Furnaces North America (FNA 2024) convention, presenting on DFARS, NIST 800-171, and CMMC 2.0.
Steelmaker Sanbao Group has expanded its heat treatment operations with three annealing and coating lines for non-grain oriented (NGO) silicon steel. The equipment enhancement is part of the company’s entry into the field of silicon steel production.
Sanbao contracted with Tenova LOI Thermprocess, an industrial furnace supplier, for the heat treatment furnaces intended for processing metals. Two electric arc furnaces (EAF) previously supplied by Tenova Group have been installed and put into operation.
A signing ceremony was held at the headquarters of Sanbao Iron & Steel Co., Ltd., in Zhangzhou, China, as part of the company’s “Cold rolled Silicon Steel and Metal Products Deep Processing Project”, a new greenfield project for electrical steel that aims to obtain the highest surface quality and best magnetic properties in NGO electrical steel for Southeast China.
Sascha Bothen Senior Vice President of Sales Tenova LOI Thermprocess Source: LinkedIn
“Tenova and Sanbao have already collaborated successfully establishing Tenova’s Consteel® technology and the successful references of Tenova LOI Thermprocess in the heat treatment of electrical steel and great efforts in the research & development in this sector fully convinced us to this investment,” stated Wang Guangwen, chairman of Sanbao Group.
“It was a great honor for us to participate in the signing ceremony of the Sanbao Group in Zhangzhou, which emphasizes their trust in our technology,” stated Sascha Bothen, senior vice president sales, Tenova LOI Thermprocess. “We are proud to further strengthen the cooperation and work together to help propel forward the green energy transition in the steel industry.”
Included in the featured image: Wang Guangwen, chairman of Sanbao Group; Dong Guibo, vice general manager of Sanbao Group; Sascha Bothen, senior vice president of sales, Tenova LOI Thermprocess; and Wolfgang Eggert, general sales manager, Tenova LOI Thermprocess.
The press release is available in its original form here.
Stainless steel has crept into our kitchens and now also our garages, the Tesla Cybertruck being the latest product to sport a stainless steel layer. What most people don’t realize is that while stainless steel is corrosion resistant, it will rust in a lot of circumstances. In this Technical Tuesday article, Sarah Jordan explores how stainless steel can be compromised by improper heat treatment and the steps heat treaters can take to prevent corrosion.
This column was adapted from a #MetallurgyMonday post written by Sarah Jordan in June 2024 and shared at her LinkedIn account. It appeared as an article in Heat Treat Today’sAugust 2024 Automotive print edition.
I’m starting to see Cybertrucks out in the wild more, so I decided to talk about stainless corrosion for #MetallurgyMonday. (If you don’t know what #MetallurgyMonday is, it is a weekly educational post on metallurgy topics that I’ve been writing on LinkedIn for the past two years.)
First a little up front. I’m not a fan of the aesthetics of the Tesla Cybertruck. Plus, we need about twice the load capacity for our work purposes since Skuld actually uses our truck as a truck.
More to the point, stainless steel is not rust proof. It is corrosion resistant and will rust in a lot of circumstances.
To understand why, we need to understand what prevents corrosion in the first place. The key elements are chromium and nickel. Chromium reacts with oxygen to create a thin layer of chromium oxide. This is on the surface and blocks further oxidizing of the underlying layers. Meanwhile, the nickel enhances the corrosion resistance. It also makes the material more formable and weldable.
The short story is that if the chromium oxide layer gets compromised, stainless steel will corrode.
Improper heat treating can also contribute to stress corrosion cracking.
Sarah Jordan
Pitting corrosion: If you have a scratch or a pit, this can damage the protective film, and then corrosion begins. It’s worse in environments with chloride ions, such as seawater or pool water. Chlorides break down the passive layer, leading to rapid and severe corrosion in small areas.
Crevice corrosion: This occurs when two objects come together, especially things like fasteners or where there is a gasket. Inside the crevice you will have a lack of oxygen. The lack of oxygen prevents the reformation of the protective chromium oxide layer. Once corrosion gets started, it can get very severe by propagating in the crevice.
Stress corrosion cracking (SCC): Corrosion is made worse where there is a combined effect of tensile stress and a corrosive environment. It typically affects stainless steel used in structural applications that are exposed to chloride or sulfides. SCC can cause sudden and catastrophic failure of the metal structure.
Galvanic corrosion: Galvanic corrosion happens when two metals are put together. One of them almost always wants to preferentially corrode. The one that corrodes is the one that is higher on the galvanic series.
Intergranular corrosion (IGC): Sometimes this is called intergranular attack (IGA). In this case, corrosion occurs preferentially at grain boundaries. This can occur in stainless if the grain boundaries get depleted of chromium because a minimum amount is needed to ensure the passive film can form to protect the metal. When this occurs, there can also be localized galvanic corrosion.
Composition variation: If the composition has segregation, then there are some areas that have less of the corrosion-helping elements. And on top of that, galvanic corrosion can start happening within the material.
What does all of this have to do with heat treating? Improper heat treating can contribute to corrosion.
For instance, intergranular corrosion can be caused if the material is exposed to 842–1562°F (450–850°C) for too long as this will cause chromium carbide to form at the grain boundaries and deplete the chromium. This process is called “sensitization.” It is avoided by making sure quench rates are fast enough through the risky temperature range.
A somewhat similar situation can occur during heat treating if sigma phase forms in super duplex stainless steel. Sigma phase is an iron chromium phase which can also deplete the chromium.
Improper heat treating can also contribute to stress corrosion cracking. When material is quenched, it can cause residual stresses that, if not relieved, can become an issue.
Corrosion in stainless steel can often be traced to improper heat treatment. When stainless steel is heated between 842–1562°F (450–850°C), chromium carbides can form at the grain boundaries, depleting the surrounding areas of chromium and making them susceptible to corrosion.
All of this to say, things like the Cybertruck (or for that matter stainless fridges and appliances) can be prone to corrosion since they are exposed to a lot of abuse and aggressive environments. It is critical to ensure they are properly manufactured, including good heat treating practices. It is also critical to provide them with proper maintenance to keep the corrosion resistance and appearance lasting as long as possible.
About the Author:
Sarah Jordan Founder & CEO Skuld, LLC Source: Author
Sarah Jordan is an accomplished metallurgical engineer and entrepreneur. She received a bachelor’s of science and master’s of science in this discipline from The Ohio State University and has been pursuing a PhD in Metallurgical Engineering from WPI. Skuld is a certified WOSB and EDWOSB startup focused on 3D printing, advanced manufacturing, and advanced materials.
An isostatic press manufacturer based in Columbus, Ohio, has expanded its operations facility to increase its heat treating capacity and technological capabilities.
Amercian Isostatic Presses, Inc., which manufactures temperature and pressure products, including hot isostatic pressing (HIP), cold isostatic pressing (CIP), warm isostatic pressing (WIP), SinterHIPs, vacuum furnaces, and other equipment and accessories, serves the aerospace, automotive, energy, defense, and medical sectors.
Hot isostatic pressing (HIPing) is most commonly used in the medical and aerospace industries. The HIPing process is a high pressure, high temperature technique that can be used for both composite materials and powder metals. HIPing results in the decreased porosity in parts and a densification in powder metals.
HIPing is in an autoclave style furnace, where parts are exposed to high temperatures and high gas pressure and later cooled. Parts made of tool steel, duplex, martensitic, and austenitic stainless steels, nickel-based alloys, cobalt-based alloys, titanium and even some carbon steels are frequently HIPed. The combination of temperature and pressure reduces the part’s porosity while maintaining its original shape. Decreased porosity gives the finished component part increased mechanical properties.
An automotive component supplier has digitized its heat treatment operations with the implementation of a digitalization platform, an upgrade intended to align the company’s operations with the accuracy and precision requirements of the global automotive market.
Daniel Gonschorek Sales Manager UPC-Marathon Technical Source: LinkedIn
With this upgrade, the manufacturer has transitioned from using multiple systems to manage its heat treatment processes, streamlining furnace operations with the QMULUS digitalization platform from UPC-Marathon, a Nitrex company.
“Our collaboration with this tier 1/2 supplier has yielded significant improvements in their operational workflows,” said Daniel Gonschorek, technical sales manager at UPC-Marathon.
“The integration of QMULUS is not only advancing their internal processes but also delivering tangible gains in efficiency and performance,” he added. “By enhancing production efficiencies and reducing waste, QMULUS supports their commitment to innovation and aligns with the highest quality and sustainability standards. This digital transformation positions them strongly within the competitive automotive supply chain.”
The press release is available in its original form here.
A manufacturer of wind and gas turbines is bolstering its heat treatment capabilities with a vacuum furnace to process oversized gas turbine structural components.
Maciej Korecki Vice President of Vacuum Business Segment SECO/WARWICK Source: SECO/WARWICK.com
The vacuum furnace provides a work zone that accommodates the company’s need to heat treat large-sized parts and uses three process gases, argon, nitrogen, and hydrogen, to increase the process purity and reduce gas consumption costs during the cooling process. This is the eighth vacuum furnace the company has purchased from SECO/WARWICKand will be installed at the manufacturer’s European location.
“The demand for gas and wind turbines is systematically growing all over the world, and renewable energy is currently the focus of attention in all industries. It plays an important role in mitigating climate change, which is why it is important for us to be able to support a Partner who focuses on sustainable, renewable, and unlimited green energy,” said Maciej Korecki, vice president of the vacuum segment, SECO/WARWICK Group.
“The furnace’s three-gas partial pressure system helps prevent evaporation and sublimation of alloying elements from the load surface during vacuum heat treatment or vacuum brazing. Partial pressure control is important when processing many materials to prevent the hot zone evaporation and contamination,” said Kamil Siedlecki, sales manager at SECO/WARWICK.
The press release is available in its original form here.
The four heat treat industry-specific economic indicators have been gathered by Heat Treat Today each month since June 2023. Last month, suppliers had anticipated most indicators to grow. This month, the four economic indicators are split between anticipated growth and no change or contraction.
The numbers, which were compiled in the first week of September, show that responding parties expect the economy to experience growth in two of the four indices, in the number of inquiries and value of bookings. Anticipation for growth in backlog size is neutral, and suppliers anticipate contraction in health of the manufacturing economy.
The results from this month’s survey (September) are as follows; numbers above 50 indicate growth, numbers below 50 indicate contraction, and the number 50 indicates no change:
Anticipated change in Number of Inquiries from August to September: 54.0
Anticipated change in Value of Bookings from August to September:51.5
Anticipated change in Backlog Size from August to September: 50.0
Anticipated change in Health of the Manufacturing Economy from August to September: 41.4
Data for September 2024
The four index numbers are reported monthly by Heat Treat Today and made available on the website.
Heat TreatToday’sEconomic Indicatorsmeasure and report on four heat treat industry indices. Each month, approximately 800 individuals who classify themselves as suppliers to the North American heat treat industry receive the survey. Above are the results. Data started being collected in June 2023. If you would like to participate in the monthly survey, please click here to subscribe.
Find heat treating products and services when you search on Heat Treat Buyers Guide.com
What are advanced management systems and how does deep integrative system management software help automotive heat treaters improve processes while saving on time and unnecessary expenses? Explore the future of software technology for the management of heat treating operations in this Technical Tuesday by Sefi Grossman, founder and CEO of CombustionOS.
The heat treating industry is on the brink of a technological transformation. Just as the momentous adoption of websites and emails transformed the nature of work for manufacturers, the advanced software systems are thrusting us into a new era of simplicity, automation, and deep integrations.
This article explores how advanced systems — an application of ERP (enterprise resource planning) and MES (manufacturing execution systems) combined with the power of AI — is revolutionizing facility operations, enhancing quality, efficiency, and profitability.
What Are Advanced Systems?
Advanced systems simplify, streamline, and automate operations by lifting the data burden off of plant personnel. While most existing systems focus on the part inventory workflow, more advanced systems go beyond by directly integrating into the heat treat process to track at bin/tray/tree level.
This requires real-time scheduling control, barcode scanning, digitizing recipe and process (no more paper), and direct sensor/PLC integration. Because of its critical nature, an advanced system is most likely an on-premise and cloud “hybrid solution” that is not crippled by internet connectivity issues. This allows it to still utilize rapidly evolving cloud systems that provide external services like messaging, big data storage, and AI to name a few.
Precise Processing
Figure 1. CombustionOS developers spend extensive time with operators and plant managers to create interfaces that are intuitive and easy to use. Pictured is access to job data stats from a mobile device being used outside of the manufacturing plant.
Repeatable, accurate methods to ensure optimal time, temperature, and atmosphere of the decided heat treatment processes are possible with advanced systems.
Utilizing existing sensors and hardware interfaces, data is collected in short intervals, transformed into meaningful data formats, and stored in a database. Network technologies such as HTTP, Modbus, and other analog to AI technologies make this possible with minimum additional hardware. The data is managed locally on the facility network, and synchronized with cloud services for further processing, analysis, and long-term history storage.
With a close monitoring of all these variables, facilities can tighten acceptable specification ranges. Deep integration with equipment ensures that data flows seamlessly from sensors and devices to the central system.
This real-time data collection and processing enables facilities to monitor operations continuously and make informed decisions quickly. For example, integrating data from temperature sensors, pressure gauges, and other monitoring devices ensures that all critical parameters are tracked and managed effectively. Additionally, if a temperature reading deviates from the acceptable range, the system can immediately alert the relevant personnel, allowing them to take corrective action before it becomes a critical issue.
In addition to quality assurance, integrated artificial intelligence tools optimize job scheduling. Unlike traditional date/time calendar methods, AI systems predict job completion times based on real-time process data. This is particularly useful for roller furnace setups, where continuous processing occurs, but it is also beneficial for batch furnaces. Optimized scheduling improves resource allocation and operational efficiency, ensuring that jobs are completed on time and to the required specifications. The difference between a “calculation algorithm” and AI is that, with AI, you do not have to pre-program it. It automatically learns and adjusts for known variability in your hardware and even the personnel that are operating the equipment.
Finally, the automation of these systems captures and records all necessary information accurately. This reduces the risk of non-compliance, improving the overall quality of the final product. For example, a Detroit-based heat treating facility reported that accessing real time data to ensure compliance with industry standards has allowed them to spend 40% less time on documentation tasks.
Figure 2. Having increased control over the process gives more peace of mind to operators that components perform as needed.
Alleviating Burden on Maintenance and Inventory
Predictive maintenance is one of the most significant applications of AI in the heat treating industry. Traditional maintenance schedules are often based on fixed intervals, which can lead to unnecessary downtime or unexpected failures. AI driven predictive maintenance, on the other hand, uses real-time data to determine the optimal times for maintenance activities. This approach not only reduces downtime but also extends the lifespan of equipment.
A Detroit-based heat treating facility implemented an AI-driven predictive maintenance system (PMs) and saw a 25% reduction in equipment downtime. By analyzing data from critical parts, inventory, process tracking history, and various sensors, the AI system could predict when components were likely to fail, allowing the maintenance team to inspect and address issues proactively beyond their standard PMs. This not only improved operational efficiency, but also saved significant costs associated with emergency repairs and unplanned downtime.
Additionally, the integration of QR codes for inventory and process tracking enables quick and accurate data entry compared to manual logging. For instance, when racking parts out of bins, operators can simply scan QR codes, which automatically update the system with the relevant information. This not only speeds up the process but also minimizes the chances of human error.
Reducing Operational Costs
The adoption of advanced ERP and MES systems has led to substantial cost savings for many facilities. These systems reduce operational costs through the implicit automated integrations that technologies like CombustionOS bring. Here are just a few ways that operational costs have been cut:
Decreasing shipping and receiving management from three to just one employee
Minimizing rework costs by timely process alerts
Reducing personnel by replacing constant manual oversight with accurate, digital tracking systems
Lowering administrative costs by utilizing a more efficient and accurate invoice automation platform
Case Study: A client reported comprehensive cost savings, including a 20% reduction in shipping and receiving time, fewer logistics and furnace operators needed, a 33% decrease in rework costs, a 15% savings in maintenance costs, and a 25% reduction in accounting overhead. These efficiencies translate into substantial payroll savings and improved profitability.
How To Implement
Figure 3. When racking parts out of bins, operators can simply scan QR codes, which automatically update the system with the relevant information.
One of the most significant advancements in heat treating technology is the deep integration with various equipment types. Unlike traditional ERP systems, which often lack true integration, advanced systems work backwards from equipment data, building ERP functionalities around this integration to ensure seamless and accurate data flow.
First, there are advanced systems that can handle data from both digital and analog sensors. So, for heat treaters who are juggling a variety of sensors and systems, looking for an integrative advanced system that has adaptability will ensure compatibility with existing equipment while keeping an eye on cost. Facilities can continue using their current equipment while benefiting from advanced monitoring and control capabilities.
Second, advanced ERP/MES systems can take collaboration with multiple vendors. Rather than uproot current systems and relationships, work with an advanced systems provider who is able to collaborate with other software and systems. Advanced ERP/MES systems provide comprehensive solutions that include deep equipment integration and full ERP functionalities. This approach reduces the complexity and cost of integration, ensuring that all components work together seamlessly.
Key Applications
Most operations in a heat treat department will benefit from advanced systems due to the time-saving automations that the system integrates. But many heat treaters are looking to adapt and integrate older systems and often more complex designs, like roller hearth furnaces. Here are some steps that experts will take to guide you through to make the digital integration smooth and effective:
First, it is important to understand you don’t need to boil the ocean. Starting with a more advanced inventory tracking system that employs barcodes can set the underpinnings for a more integrated system while providing immediate benefits to your logistics.
Then, it is also key to get a deep understanding of your current process and map out your operational workflow. Using a flowchart program helps visualize the process to make sure all stakeholders are on the same page.
Some aspects of your current process are probably outdated (perhaps created by someone who is no longer at the company), while others are key to the core of how you operate. Understanding the difference is crucial to make sure you unlock potential automation without disturbing your core process and flow.
You’ll then need to prepare every required form, document, chart etc. that you use in the operation. For process control, recipes, and lab testing, provide many parts/iterations to capture the complexity.
Finally, take inventory of any existing digital systems you have adopted, like inventory tracking, spreadsheets, or custom software. The existing system network, including servers, Wi-Fi setup, and hardware (PCs, printers, scanners, etc.) will be utilized as much as possible in the transition to reduce the need to purchase and set up different equipment.
The future will require constant innovations and thoughtful leveraging of increasingly advanced systems. Unlike static, homegrown, or “pieced together” solutions, the most advanced systems are constantly updated with new features, ensuring they remain at the cutting edge of technology. Engaging directly with plant personnel to understand their needs and challenges allows systems like CombustionOS to evolve and improve continuously.
The heat treating industry is on the cusp of a technological transformation, driven by advancements in ERP, MES, and AI. These technologies offer the potential to enhance quality, efficiency, and profitability, making them essential for the future of manufacturing. By embracing automation, integrating advanced AI capabilities, and committing to continuous innovation, the industry can achieve new levels of operational excellence.
About the Author:
Sefi Grossman Founder & CEO CombustionOS Source: Author
Sefi Grossman has been at the forefront of technology revolutions for the past two decades and has been leading the technology company CombustionOS for nearly seven years.
