Prior to the FY2012 NDAA, the sharing of information on component counterfeiting incidents depended on willingness to share it. Though companies acknowledged the benefits they received from counterfeit case reports published by others, several defense and aerospace companies claim that legal or liability issues has been the chief reason for not sharing information on the incidents they discover. Though business systems adopted by defense and aerospace companies address disposition, containment and corrective action associated with non-conforming material issues in general, many companies lack business processes to support the sharing of information for the benefit of others who may also be affected.
The NDAA for FY 2012 will require contractors to (1) establish policies and procedures for reporting counterfeit and suspect counterfeit electronic parts, and (2) to report the discovery of counterfeit or suspect counterfeit electronic parts in writing within 60 days. The NDAA will also remove civil liability on the basis of such reporting. According to Section 818 of the NDAA, DOD is expected to establish Department guidance and policies for reporting counterfeits within 180 days after the date of the enactment of the NDAA; regulations applicable to contractors are expected within 270 days. The language of Section 818 specifically refers to the Government-Industry Data Exchange Program (GIDEP) as a reporting vehicle, but allows for DOD to designate “a similar program”.
The following is a list of recommendations for DOD to consider as it develops guidance, policy and regulations for reporting counterfeit electronic parts:
- Establish the Government-Industry Data Exchange Program (GIDEP) as the repository for receiving and disseminating counterfeit case reports.
- In addition to establishing GIDEP as the repository for counterfeit case reports, designate a focal point to function as the “appropriate Government authority” for contractors to notify.
- Designate who within the supply chain should report specific counterfeit events (i.e. prime contractor, subcontractor, or component supplier), but allow for flexibility.
- Maintain the current practice of allowing the supplier of a suspect counterfeit part to respond and comment on the report before its release and dissemination.
- Maintain requirements for key information to include in reports (e.g. manufacturer whose part has been counterfeited, the supplier(s) involved, the part number (s), lot / date code(s), attributes and anomalies to support reasons why the items are believed to be counterfeit)
- Provide access to contractors and component suppliers for counterfeit case reports published by US Government agencies (e.g. GIDEP Limited Distribution Agency Action Notices).
- Limit access to counterfeit case reports to contractors, component suppliers and US Government agencies in order to preserve an environment of trust.
- Establish collaboration with investigative and law enforcement communities. (Some federal investigators have advised companies not to report in certain instances or to delay reporting through information sharing mechanisms such as GIDEP.)