Strategies for mitigating the threat of counterfeit devicesStory
December 09, 2010
The issue of counterfeit devices is highly problematic in mission-, life-, and safety-critical applications, but strategies can be employed to ensure components are exactly what they appear to be.
A strategy for dealing with the increasing problem of counterfeit devices is key to any successful life-cycle management program; it is also a key part of a security-focused COTS design philosophy. In the military COTS market, the issue of counterfeit devices is significant because of the dependence on commercial semiconductor parts, which are typically end-of-lifed at a rate driven by Moore’s Law. Commercial component suppliers can expect to see certain volumes of sales over time on their devices. Once consumption of these devices starts to ramp down, suppliers may determine that sales are dwindling to an amount too low to justify production. When this occurs, a COTS board vendor – knowing their customer’s long-term requirements – might be able to provide a business case to the supplier that ensures a customer base. Hence, communication is vital in combating obsolescence.
In the case that a designed-in device becomes obsolete, the COTS vendor has the opportunity to plan a technology insertion. The COTS vendor can respond with a lifetime buy to minimize the impact of the imminent nonavailability of the component. Another option is to work with the customer to determine if a specific functionality is being used. If it is not, then it might be possible to eliminate the device from the card design.
Turning to the aftermarket
In the worst-case scenario when a device is no longer being manufactured, COTS vendors can turn to the aftermarket, searching globally for a specific part. Unfortunately, the process of searching aftermarket suppliers also notifies “would be” counterfeiters as to which devices are currently in demand, and thus provides the greatest profit potential for faking components. Counterfeit components most commonly enter the supply chain through independent distributors, also known as brokers. They can source materials from authorized channels, acquire surplus inventory from equipment manufacturers, or buy from other brokers. The further from the original source the supply chain extends, the greater the risk of introducing counterfeit components.
There are several ways that criminals exploit aftermarket demands. Slower-speed devices can be relabeled to appear as faster versions. Parts can be desoldered from PCBs and claimed to be new, or rejected parts that have been scrapped for noncompliance to the manufacturer’s specifications might be fraudulently salvaged and offered as good parts through the broker market. There have been cases where a part’s packaging looks great from the outside but proves to be empty inside.
Common counterfeit methods
Counterfeit parts can be produced in a variety of ways:
- Relabeling – Original labeling can be physically removed and devices relabeled. These parts may or may not have similar functionality to the authentic ones.
- Reclaiming – Authentic parts might be salvaged from discarded circuit card assemblies. Verification of functionality within specifications will not exist.
- Unauthorized manufacture – Counterfeit components are manufactured and marked to duplicate authentic parts.
- Production escapes – Test fallout from authorized manufacturing facilities is packaged/sold as authentic parts.
The responsibility to mitigate the risks posed by counterfeit materials lies throughout the entire supply chain. The board manufacturer is in a unique position to act as a gatekeeper for its customers further along the chain. Being the last to handle individual components prior to their becoming part of a board level product, a COTS hardware manufacturer must have established processes to reduce the risk of counterfeit parts integration.
The importance of supply-chain management
A COTS board design company that operates its own manufacturing facilities has an obvious advantage regarding visibility and control over the materials used in the fabrication of its products. Avoidance of counterfeit parts is best accomplished by sourcing materials directly from the component manufacturer, from authorized aftermarket support, or from franchised distributors. Components from these sources will have supporting documentation that provides an auditable pedigree.
COTS vendors should implement enhanced controls to mitigate the risk of counterfeit devices. For example, the Curtiss-Wright Controls Embedded Computing (CWCEC) “Trusted COTS” initiative manages its supply chain by maintaining an Approved Vendors List. To qualify as an approved vendor, all suppliers are subject to audits and must be able to comply with quality clauses assigned to every purchase order.
When sourcing materials from independent distributors is considered necessary, an authorization process should be initiated. Procurement, engineering, and quality representatives should be asked to confirm first that all other viable options have been explored. Risk mitigation processes for the needed device should include comparison to known-acceptable materials and verification with the original manufacturer. Testing and analysis should include third-party destructive physical analysis, third-party electrical/functional testing, and in-house electrical/functional testing within the application. At issue is the safety and success of the warfighter. Without appropriate measures in place, products with counterfeit components can be deployed in critical military applications. These can fail at critical times, causing catastrophic results. We owe it to those who put their lives on the line for us to have appropriate measures in place to ensure that this does not happen.
To learn more, e-mail Steve at [email protected].com.