The pulp and paper industry has made real progress by harnessing the power of digitalization and new technologies around the world. While this has revolutionized mill operations and quality control for many, the convergence of information technology (IT) and operational technology (OT) has also caused a notable shift in vulnerabilities to cyberattacks.
Clearly, cyber security is a constant consideration for companies of all sizes, and threats change with technological evolutions. According to Stuart E. Madnick—professor of Engineering Systems at MIT and founder of the Cybersecurity at MIT consortium—and Apple, there was a 20 percent increase in data breaches from 2022 to 2023, with more than 360 million instances of corporate or institutional data breaches during the first eight months of 2023. Madnick says these attacks have proven that organizations are only as secure as their “least secure link.” Therefore, foundational cyber controls at every level must never be overlooked in efforts to prevent incursions.
A cyber security breach in a pulp, paper, packaging, or tissue mill can bring production to a halt with potentially widespread consequences, even from a minor breach. One day of lost production or downtime in a mill could cost millions of dollars. There are also many potential sources of indirect loss in the immediate wake of a breach. In the long term, mills must contend with the costs to validate that their systems are back to normal, manage regulatory reporting, and invest additional time into rebuilding trust with customers.
New industrial technologies have placed great emphasis on connectivity. Cyber security efforts in the pulp and paper industry must offer a unified overview of all connected devices, enabling users to patch, protect, and analyze security from one central system.
Recently DS Smith’s Kemsley mill, with support from ABB, has done just that. The two organizations worked together to upgrade legacy systems and establish enhanced cyber security architecture.
ANALYZING A GENERATIONAL CHALLENGE
DS Smith is a leading provider of sustainable fiber-based packaging worldwide, supported by recycling and papermaking operations. The company’s Kemsley Paper Mill in Kent, UK, has been in operation for 99 years. Today, it is the second largest recycled paper mill in Europe, with an annual production capacity of more than 820,000 tons.
As the mill edges toward its centenary, the DS Smith Kemsley team faces a new generational challenge to create highly automated, increasingly connected, and more secure operations. As a technology leader with decades of history and many industry firsts in pulp and paper, ABB is embedded in the mission.
For the last decade, the mill successfully used an older version of ABB Ability™ System 800xA distributed control system (DCS), but that system did not lend itself to effectively supporting the latest technology and hardware. The time had come for a full system upgrade with enhanced cyber security architecture to meet modern requirements.
DIGITAL SAFETY—PLUS COMPLEX AUTOMATION
Together with a quality control system (QCS), drives, and machine control across all three paper machines on the 1.1 km2 site, the DCS touches every area of the mill. At such a scale, the idea of a seamless upgrade may have seemed impossible.
For the Kemsley mill, cyber security is an important part of its license to operate. The team wanted to maintain security, but recognized the importance digitalization plays now and in the future. Digitalization was a driving force behind this large-scale and complex project, as well as a deciding factor in partnering with ABB.
ABB and DS Smith worked together over an 18-month period developing a process of design, focusing on architecture and a comprehensive solution to deliver on the goals set by DS Smith. This collaborative approach shaped the solution and ensured an effective planning and testing process, mitigating obstacles and challenges ahead of implementation.
The mill scheduled shutdowns on all three paper machines, beginning with PM3 and PM4 simultaneously, followed by PM6 and the effluent and freshwater plant. The team recognized the importance of the project and timed it for minimal disruption to normal operations. Having three paper machines on one site isn’t common within the industry and added to the complexities and logistics of such a project—raising the stakes significantly.
The Kemsley project became one of the largest system upgrades that ABB has supplied to the industry, taking more than 6,000 hours in advance and 12 days on site. The team completed a full upgrade of the mill’s ABB Ability™ System 800xA DCS, QCS, and paper machine drives, with mill-wide integration.
Virtual measurements were included in the scope of project delivery, adding strength and weight measurements for more accurate and frequent measurements. Additional complexity lay in integrating across the operational technology, implementing cyber secure architecture all the way from automation to control to IT.
SECURING MILL-WIDE OPERATIONS
Mapping out a complex architecture to deliver cyber security at every level of operations, ABB used the expertise and power of both local and coordinated resources to deliver a close-to-seamless upgrade. ABB Ability™ System 800xA is a key operating system for DS Smith and now, with enhanced integration and more secure options, visibility of operations mill-wide have improved significantly.
Having a long-standing relationship with the local teams and coordinated resources from ABB’s Europe Regional Execution Center (EUREC) was crucial to project success, aiding smoother communication and project management. DS Smith was comfortable putting its trust in the ABB team.
“Facing a challenging upgrade across a heavily integrated system, we anticipated many obstacles. Thanks to ABB’s time, effort, and expertise, we achieved a seemingly impossible seamless upgrade. It has very much prepared the ground for what we want to do in the future,” says Adrian Clark, electrical and automation development manager at DS Smith.
TAKEAWAYS FOR THE PULP AND PAPER INDUSTRY
For those companies just beginning their cyber security journey in the industry, ABB’s pulp and paper specialists recommend focusing on a three-pronged approach: people, policies, and procedures, working alongside the right technology. The introduction of technology must be matched with operational measures that bring in people and processes. This typically includes defining policies and procedures for using the new technology, as well as educating employees accordingly.
Foundational level technical and organizational security controls must be in place to defend against the majority of the generic threats, but after that there are multiple layers to consider. Companies must undertake continuous management and maintenance of their controls, possibly choosing to add more sophisticated controls. Cyber security is not a “one and done” project and requires strong collaborative operations for controls with managed security service.
It is important not to shy away from adopting new technologies just because of the elevated security risk. Thousands of companies around the world have invested in new networks, smart automation, and edge- and IIoT-technologies without experiencing devastating cyberattacks. This is because they secured against threats by considering and implementing security as part of the overall transformation plan.
Patching and applying updates may seem rudimentary, but they are among the most important things a mill can do. It is prudent to have the highest levels of cyber-hygiene. That means having a layered defense strategy in place.
As exemplified by DS Smith’s Kemsley Mill, digitalization presents a roadmap for a more secure, efficient, and sustainable future for the pulp and paper industry. By embracing these advancements and fostering collaborative partnerships with industry leaders like ABB, manufacturers can unlock the true potential of digital transformation and secure their competitive edge in the years to come.