According to Section 818 of the FY2012 NDAA, DOD is expected to issue or revise guidance applicable to Department components to implement a risk-based approach to minimize the impact of counterfeit or suspect counterfeit electronic parts. The “Risk Management Guide For DoD Acquisition” states that risk management is critical to acquisition program success and “helps ensure program cost, schedule, and performance objectives are achieved at every stage in the life cycle and to communicate to all stakeholders the process for uncovering, determining the scope of, and managing program uncertainties”. The “Risk Management Guide” stresses collaboration between the government office and the contractor — “the government shares the risk with the development, production, or support contractor (if commercial support is chosen), and does not transfer all risks to the contractor”.
In briefings presented at recent DoD / Industry forums and conferences, DoD representatives described counterfeiting as “just one of many program risks”. Risk factors discussed include:
- Part Designation (e.g. mission critical components, safety items, controlled inventory)
- Design, Production, Sustainment, Intellectual Property Control (within the Government and among contractors and subcontractors)
- Traceability & Authenticity Verification (traceability to authorized sources, supplier history, inspections, supplier certifications, etc.)
Several elements exist for these risk factors, each of which calling for identification of root causes, assessment of the probability of occurrence, and identification of consequences. The identification of consequences is typically expressed in terms of performance, schedule, and cost. In the case of counterfeit electronic parts, consequences in terms of performance should consider end item reliability and personnel safety.
The following considerations are offered to DoD as it develops a risk-based approach to minimize the impact of counterfeit or suspect counterfeit electronic parts:
Types of Counterfeits
The types of counterfeit electronic parts vary significantly and the effect of counterfeits on equipment performance depends on the specific application of the electronic part within that equipment. Some types of counterfeits do not work and others do not behave at all like the authentic item. The probability of a quality escape for these types of counterfeits is relatively low. Other types of counterfeits, however, closely resemble the authentic item and variations in performance are difficult to detect without extensive testing of the electronic parts themselves. Used parts, such as those removed from e-waste by counterfeiting operations, can be damaged due to uncontrolled removal from electronic assemblies and inadequate storage and handling conditions. During testimony to the Senate Armed Services Committee, Lt General Patrick O’Reilly stated “Although a counterfeit part may have passed [equipment] acceptance testing, we do not know its remaining operational life…”. The consequences of a counterfeit electronic part quality escape can vary dramatically. For some applications, a counterfeit electronic part can seriously impact equipment reliability; for other applications, some types of counterfeits may not have a serious effect on the end item’s performance or mission. Risk assessments should weigh the consequences of a counterfeit part quality escape and the extent of due dilligence applied to prevent an escape. In the event of a counterfeit part quality escape, the impact of the escape on the specific end use application should be assessed versus remediation approaches available to address the escape.
The implementation of a ‘trusted supplier’ concept is a key factor in risk management associated with counterfeit electronic part avoidance. Section 818 of the FY2012 NDAA includes the keystone to counterfeit avoidance practices recommended by industry and US government subject matter experts and industry standards such as AS5553— use of original manufacturers of the parts or their authorized dealers. Should DoD consider including suppliers other than original manufacturers or their authorized dealers as ‘trusted suppliers’, DoD will by definition be accepting some level of risk that counterfeit electronic parts will enter its supply chain. Risk assessments must account for the fact that the probability of a counterfeit electronic part quality escape will depend heavily on supplier qualification requirements and the extent of inspections and tests applied to detect counterfeits.
Obsolete Electronic Parts
Obsolescence Management is key to reducing the likelihood of having to purchase parts through riskier supply chains. Customers, however, are often constrained regarding their ability to support and fund approaches to eliminate the use of obsolete components. If obsolete electronic parts are not eliminated from equipment designs, continued production and maintenance of the equipment will remain vulnerable to counterfeits. The more time that passes after an OCM discontinues the manufacture of an electronic part, the lower the probability that authentic and unused parts exist. Risk assessments should weigh the consequences of a counterfeit part quality escape and the cost and time to necessary to mitigate them versus the cost and time needed to eliminate obsolete parts from equipment designs.
The Use of COTS
The use of commercially available off-the-shelf (COTS) equipment and assemblies presents a number of challenges to implementing counterfeit avoidance requirements. A COTS original equipment manufacturer (OEM) will frequently advise its customers that the best way to avoid counterfeits of its finished products is to purchase them directly from the OEM or its authorized dealer. The same COTS OEM, however, may not divulge its own practices to prevent counterfeit parts from finding their way into their own products and may not accept flow downs from customers dictating procurement, reporting and remediation requirements. Risk assessments should consider the ability of DoD procurement organizations and contractors to influence the COTS OEM’s business practices.