The Role of Traceability and Inspections, Tests and Other Methods in Counterfeit Electronic Part Avoidance

Earlier this week, a US DoD colleague asked me to post more thoughts on traceability in the context of counterfeit parts avoidance.  Here is my current view on subject… 

The origins of traceability for the purpose of counterfeit electronic part avoidance derived from the fact that counterfeit electronic parts tend to enter the supply chain through the open market. The purchase and use of counterfeits can be avoided if one (a) acquires electronic parts from the original component manufacturer (OCM) or the OCM’s authorized distributors, or (b) can confirm the hand offs of parts to the OCM or the OCM’s authorized distributors. Some Independent Distributors acquire electronic parts from an OCM or the OCM’s authorized distributors and can confirm these transactions. In the case of electronic parts acquired from the open market, however, suppliers generally cannot confirm traceability to the OCM or the OCM’s authorized distributors. It is this inability to confirm traceability to the OCM or the OCM’s authorized distributors that prompts the need to apply inspections, tests and other methods designed to avoid the procurement and use of counterfeits. This procurement risk mitigation process is described in SAE Aerospace Standard AS5553. [1] Taking a cue from government and industry subject matter experts, Congress included this expectation in the original legislation that initiated the final rule under DFARS Case 2012-D055. [2]

An organization meets the traceability requirments of AS5553 and the objective of DFARS 252.246–7007(c)(2) and 252.246–7007(c)(4) if the organization establishes and applies processes and procedures that … 

(a) assure procurement from the OCM or the OCM’s authorized distributors; or 

(b) confirm traceability to the OCM for parts procured from other suppliers; or 

(c) apply inspections, tests and other methods designed to intercept and avoid the use counterfeits when unable to confirm traceability to the OCM or the OCM’s authorized distributors. 

[1] SAE Aerospace Standard AS5553, Appendix B – Purchasing Process, Figure B3 – Procurement Risk Mitigation. 

[2] H.R.1540: National Defense Authorization Act for Fiscal Year 2012, Sec. 818. Detection and Avoidance of Counterfeit Electronic Parts

~ ~ ~ ~ 

Here is an earlier post that elaborates on item ‘b’ above …

Partnering With Small Business in the Fight Against Counterfeit Electronic Parts

Smoking light bulb in Sask. plane might have been counterfeit | CBCNews.ca Mobile

A possibly counterfeit light bulb was the source of smoke in a West Wind airplane that scuttled a flight in Saskatchewan last month. 

More at Smoking light bulb in Sask. plane might have been counterfeit | CBCNews.ca Mobile. 

Implementing the NIST Cybersecurity Framework in Light of Evolving Threats

Luncheon with the Distinguished Speaker:

• Donna Dodson, Chief Cybersecurity Advisor for NIST

Panel Discussion:

• Donna Dodson, Chief Cybersecurity Advisor for NIST
• Matthew Scholl, Deputy Division Chief, Computer Security Division, NIST
• Liam Randall, CEO, Critical Stack
• Steve Mace, National Cable & Telecommunication Association
• Dr. Mark Tehranipoor, Director, CHASE and CSI Centers, University of Connecticut

 

Moderator:

Dr. Laurent Michel, Associate Director, CSI Center, University of Connecticut

Co-Sponsors:
Center for Hardware Assurance, Security and Engineering (CHASE), University of Connecticut
Comcast Center of Excellence for Security Innovation (CSI), University of ConnecticutSchool of Engineering, University of Connecticut

 

FAR / DFAR Case Update (23 Feb 2015)

Status updates from the ‘Open Cases Reports’ …

Continue reading →

“Systems engineering framework for cyber physical security and resilience”

“As our infrastructure, economy, and national defense increasingly rely upon cyberspace and information technology, the security of the systems that support these functions becomes more critical. Recent proclamations from the White House, Department of Defense, and elsewhere have called for increased resilience in our cyber capabilities. The growth of cyber threats extends well beyond the traditional areas of security managed by Information Technology software. The new cyber threats are introduced through vulnerabilities in infrastructures and industries supporting IT capital and operations. These vulnerabilities drive establishment of the area of cyber physical systems security. Cyber physical systems security integrates security into a wide range of interdependent computing systems and adjacent systems architectures. However, the concept of cyber physical system security is poorly understood, and the approach to manage vulnerabilities is fragmented. As cyber physical systems security is better understood, it will require a risk management framework that includes an integrated approach across physical, information, cognitive, and social domains to ensure resilience. The expanse of the threat environment will require a systems engineering approach to ensure wider, collaborative resiliency. Approaching cyber physical system security through the lens of resilience will enable the application of both integrated and targeted security measures and policies that ensure the continued functionality of critical services provided by our cyber infrastructure.”

Systems engineering framework for cyber physical security and resilience
Daniel DiMase, Zachary A. Collier, Kenneth Heffner, Igor Linkov

Cheap parts put drivers in danger says CNN report

CNN’s 360 news program dedicated over 10 minutes to a story about car repair shops in the US suing insurers for coercing them to use cheap parts and sometimes dangerous practices to fix vehicles involved in accidents …

More at Cheap parts put drivers in danger says CNN report.

Counterfeit Parts Avoidance, Part II — SMA Discussion Forum

Counterfeit parts within the government supply chain are a growing concern. Join us for a Safety and Mission Assurance Discussion Forum on March 3 at 1 p.m. EST as our panelists continue the dialog on combating counterfeit parts, including

• Cyber security and electronic parts
• Ruminations, myths and unreliable facts
• Mechanical and structural counterfeiting

More st SMA Discussion Forum: Counterfeit Parts Avoidance, Part II.

Text of H.R. 810: NASA Authorization Act of 2015 – GovTrack.us

This bill passed in the House on February 10, 2015 and goes to the Senate next for consideration. The text of the bill below is as of Feb 11, 2015 (Referred to Senate Committee).

See “SEC. 711. DETECTION AND AVOIDANCE OF COUNTERFEIT ELECTRONIC PARTS.”

More at GovTrack.us.

Auto insurers accused of pushing cheap and sometimes dangerous repairs – CNN.com

Think of “Performance Based Logistics” as a form of insurance …

“Car repair shops say auto insurance companies are coercing them to use cheap parts and sometimes dangerous practices to fix vehicles involved in accidents.”

More at CNN.com.

Mobile Apprehension: The Growing Problem of Counterfeit and Pirated Mobile Applications

Henry Livingston:

“The issue of unauthorized apps isn’t going away. With revenue from app sales predicted to reach $77 billion by 2017, the problem is only going to become more pronounced.”

Originally posted on Legalmatter:

By:Brian J. Meli

Most, if not all high-profile consumer brands commit considerable time, energy and treasure to safeguarding their valuable trademark and copyright assets from would-be infringers. Those efforts tend to focus on rooting out domain name cybersquatters, keeping brand names and logos off of inferior knock-offs, stemming the illegal copying and distribution of copyright-protected merchandise, and shutting down the illicit websites that notoriously traffic in all of the above. But there’s a new front in the war on intellectual property, one where the threat posed by counterfeited and pirated goods has quietly become just as insidious. Far from the big-box shelves, the online auctions and the Internet landing pages that have long been the front lines of this conflict; hidden in plain sight only a few taps away, lies a large and expanding commercial ecosystem rife with infringement activity—a place that, until recently, has operated largely outside the focus of brand enforcement officials. This relatively new and dangerous frontier is…

View original 1,524 more words