FY2012 NDAA – Reporting Counterfeit Electronic Parts

Prior to the FY2012 NDAA, the sharing of information on component counterfeiting incidents depended on willingness to share it. Though companies acknowledged the benefits they received from counterfeit case reports published by others, several defense and aerospace companies claim that legal or liability issues has been the chief reason for not sharing information on the incidents they discover. Though business systems adopted by defense and aerospace companies address disposition, containment and corrective action associated with non-conforming material issues in general, many companies lack business processes to support the sharing of information for the benefit of others who may also be affected.

The NDAA for FY 2012 will require contractors to (1) establish policies and procedures for reporting counterfeit and suspect counterfeit electronic parts, and (2) to report the discovery of counterfeit or suspect counterfeit electronic parts in writing within 60 days. The NDAA will also remove civil liability on the basis of such reporting. According to Section 818 of the NDAA, DOD is expected to establish Department guidance and policies for reporting counterfeits within 180 days after the date of the enactment of the NDAA; regulations applicable to contractors are expected within 270 days. The language of Section 818 specifically refers to the Government-Industry Data Exchange Program (GIDEP) as a reporting vehicle, but allows for DOD to designate “a similar program”.

Recommendations

The following is a list of recommendations for DOD to consider as it develops guidance, policy and regulations for reporting counterfeit electronic parts:

  1. Establish the Government-Industry Data Exchange Program (GIDEP) as the repository for receiving and disseminating counterfeit case reports.
  2. In addition to establishing GIDEP as the repository for counterfeit case reports, designate a focal point to function as the “appropriate Government authority” for contractors to notify.
  3. Designate who within the supply chain should report specific counterfeit events (i.e. prime contractor, subcontractor, or component supplier), but allow for flexibility.
  4. Maintain the current practice of allowing the supplier of a suspect counterfeit part to respond and comment on the report before its release and dissemination.
  5. Maintain requirements for key information to include in reports (e.g. manufacturer whose part has been counterfeited, the supplier(s) involved, the part number (s), lot / date code(s), attributes and anomalies to support reasons why the items are believed to be counterfeit)
  6. Provide access to contractors and component suppliers for counterfeit case reports published by US Government agencies (e.g. GIDEP Limited Distribution Agency Action Notices).
  7. Limit access to counterfeit case reports to contractors, component suppliers and US Government agencies in order to preserve an environment of trust.
  8. Establish collaboration with investigative and law enforcement communities. (Some federal investigators have advised companies not to report in certain instances or to delay reporting through information sharing mechanisms such as GIDEP.)

Henry Livingston

Advertisements

One thought on “FY2012 NDAA – Reporting Counterfeit Electronic Parts

  1. I received a direct response from a colleague whose knowledge runs very deep on the subject of counterfeit electronic parts and these comments tell me that I left a great deal to read between the lines on a couple of points. Here is my attempt at clarity …

    It may help to break down the reporting issue into two subcategories …
    A. Reporting so others can determine if they too are affected (e.g. GIDEP reporting)
    B. Reporting to give the US Government the opportunity to pursue a criminal investigation
     
    Though collaboration is necessary between these two, they are really (in my mind) two distinctly different forms of reporting with very different purposes. Based on feedback I have received from experts involved in criminal investigations and prosecutions, information gathered for the purpose of A also supports B, but in some cases (as I describe in item 8) the timing of A can conflict with B. 
     
    Re Item 2: “designate a focal point to function as the ‘appropriate Government authority’ for contractors to notify.”
    The NDAA will require reporting both to GIDEP and to “appropriate Government authorities”. I read the former to address the need to communicate a finding to other potential users and the former to be associated with the potential for criminal investigation. When we developed AS5553 (and with some attempts before that activity) a few of us approached various investigative and oversight agencies about who to notify in the event of counterfeit part discovery to provide the Government with the opportunity to pursue an investigation. Though most of the agency reps we asked understood the reasoning behind the question and the desire to forgo the need to notify several agencies, I don’t think we have closure on this issue. The result is what you see in Appendix G to AS5553. My hope is that DOD will designate a single focal point for contractors to notify who will then see to further dissemination of the information.

    Item 3: “Designate who within the supply chain should report specific counterfeit events”
    My colleague suggested that the organization that finds the counterfeit should report the incident. That makes great sense to me (as a “discoverer” I can speak with experience here), but there does need to be some flexibility. In the case of reporting the incident to GIDEP, many contractors have elected require their supplier to publish the report through GIDEP and I don’t argue with that approach if the facts and conclusions are sound. The important thing is that (1) the finding is reported,(2) enough information is included so others can also determine if they too have acquired these parts, or if they have been using the same supplier whose practices allowed the escape, and (3) provide information that helps to understand what variant of counterfeit product is involved.

    My colleague brings up the subject of “bad reports” …
    (a) Poor quality reports: The conclusions are fundamentally correct, but the report itself may be lacking with respect to its usefulness to others (see item 5),
    (b) Flawed conclusions: My colleague has observed on a number of occasions where the conclusions are incorrect (the parts were not counterfeit) or the fundamental conclusion was correct, but for the wrong reasons. I think support from Original Component Manufactures (OCMs) would nip that problem in the bud. Are you listening SIA?

    Henry Livingston

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: