Manufacturing of wood-based panels is done in a continuous process involving the feeding of raw materials (wood and resins from external suppliers), their processing (through heat and pressure) and finishing of the panels (sanding and cutting) or further processing (such as surfacing with decorative papers from external suppliers). Panels are then supplied to industrial clients, large or small, in the sectors of furniture manufacturing, flooring production, construction systems or interior design applications (ex: wall panelling).


Requirements from those B2B clients, in terms of product quality, standards compliance and service levels, are more and more demanding. And diversity in the product mix (different sizes, thicknesses, finishes or other product characteristics) is increasing. This context led SONAE’s wood-based panels business, through linked third-party Sonae Arauco, to develop a Plant 4.0 strategy that aims at developing a digitally connected and collaborative approach to manufacturing, exchanging data throughout the value-chain (upstream and downstream) in a fast, reliable and secure way. This strategy means bridging the gap between two realities – Information Technology (IT) and Operational Technology (OT) – to ensure security, resilience and availability at all levels, as depicted in the above figure.

This is achieved through an integration architecture that considers different layers, from the shop floor level to a corporate level (holistic view of different production plants), up to the external layer that enables data sharing and automation in a value-chain perspective (from raw materials suppliers, logistics providers and machinery maintenance companies to industrial clients).

Being a rather traditional industry, production plants typically rely on a wide number of different machinery from different suppliers, some of them ld and with outdated software, which can pose a challenge when extracting and integrating data from those different parts of the production line and, consequently, sharing that data with value-chain partners. Implementing that Plant 4.0 strategy also implies ensuring the connectivity of those machines through sensors and IoT devices to enable data flows at the plant level (manufacturing floor), at the company level (between different plants) and in an ecosystem perspective (with suppliers and clients). This poses great challenges to ensuring the security, integrity and reliability of these data flows and the resilience of the systems in place. Assessing risks and vulnerabilities of all equipment (machinery, sensors, PLCs and others) and ensuring the cybersecurity of all connected devices and, consequently, preventing attacks and incidents and guaranteeing the availability (uptime) of the production plants is of paramount importance.

Additionally, and from a value-chain perspective, ensuring the security by design of the different integration layers (at the plant level, at a corporate level and at an external level) is key to foster trust, and stimulate data sharing/mining and value-added services. But the lack of a reference architecture and of a comprehensive framework for value-chain connectivity poses some great challenges to the implementation of such a vision. Currently, data at an OT level is not shared with external entities.

Given the context detailed previously, the main objective is to test and deploy mechanisms intended to guarantee the cybersecurity, integrity and availability of equipment as well as the security at each integration layer, namely the External Integration Layer (value-chain layer). Thus, SONAE aims to run a proof-of-concept to test and help validate the components of the FISHY platform designed to facilitate trust guarantees and security assurance of individual IoT devices, the ecosystem of IoT devices and the edge and cloud infrastructures in place, thus helping enforce and audit IoT security, a key condition for the reliance on IoT devices to digitize manufacturing sites. FISHY’s strategy towards this end, is based on a mixture of traditional IoT security controls (with the corresponding measurement of trust), gateways (to monitor and reliably report the state of the IoT ecosystem) and virtualized network security functions to provide security-on-demand as need-based.

This use case will also test and help validate the components of FISHY that could ensure the trust levels needed to set the basis to foster an ecosystem of services that take advantage of that digitally connected manufacturing environment (e.g., for raw materials suppliers, logistics operators, distributors, industrial clients…). Sharing data at an Operational Technology (shop floor) level, for the purposes of better reporting of raw materials quality, provisioning of raw materials, enabling machinery problems detection and maintenance services, logistics tracking and near real-time reporting of production orders’ status, requires high levels of access security and data flows. Enforcing the necessary trust levels would enable regular bidirectional data flows with external entities (no data is currently shared with external entities at an OT level). In this regard, SONAE will involve at least 2 value-chain partners (one upstream and one downstream the value-chain) to test data sharing in a secure way.