G-19 Counterfeit Electronic Components Committee

Download Report

Transcript G-19 Counterfeit Electronic Components Committee

Counterfeit Electronic Parts; Avoidance, Detection, Mitigation and Disposition

AS5553 Standards Development Progress Phil Zulueta October 2008

How large is the problem?

• Industry wide, global problem. “Since 1982, the global trade in illegitimate goods has increased from $5.5 billion to approximately $600 billion annually. Approximately 5%-7% of the world trade is in counterfeit goods.” Source: International Anti-Counterfeiting Coalition (IACC) • “Counterfeiting and piracy cost the U.S. economy between $200-$250 billion per year, and has contributed to the loss of approximately 750,000 American jobs.” Source: FBI estimates.

• Current value of counterfeit components is between $1 and $10 billion annually. Most counterfeit cases are not documented – volume too large.

• “U.S. companies suffer $9 billion in trade losses due to international copyright piracy.

Counterfeiting poses a threat to global health and safety. Counterfeiting poses a threat to global health and safety.

” Source: IACC • ERAI, Inc. receives ~200 suspect counterfeit part complaints/month and confirmed more than 2800 brokers selling counterfeit components.

October 2008 2

October 2008 3

To: SAE G-19 ...

Texas Instruments just issued a GIDEP report re "multiple seizures of counterfeit TI military grade devices were made by United States Customs in 2006, 2007 and 2008 to date". See GIDEP Problem Advisory CE9-P-08-02.

In addition the specific findings, this report is noteworthy because ...

(1)it reflects continued and increasing incidents of counterfeit semiconductor products, (2)it is a rare report from an Original Component Manufacturer, and (3)it is intended to educate customers (e.g. aerospace and defense contractors) "as to the nature and scope of these counterfeit incidents". Regards, Henry Livingston BAE Systems October 2008

GIDEP Problem Advisory CE9-P-08-02

4

Industry Best Practices - Awareness

• Develop and deploy anti-counterfeit education and training programs for internal and external stakeholders.

• Conduct ongoing monitoring of distribution streams of counterfeit products, such as internet brokers, direct sales, retail outlets, wholesalers and internet trade web sites.

• Create an internal anti-counterfeiting task force and include representatives from parts engineering, quality assurance, procurement, manufacturing, general council, etc. • Benchmark other companies and suppliers, share best practices and pool information on anti-counterfeiting strategies.

October 2008 5

Industry Best Practices - Prevention

Design

• Proactively manage product lifecycle vs. component lifecycle.

• Update design when products are hard-to-find or unavailable.

Supplier Checks

• Know your suppliers. Conduct surveys of their inspection and testing capabilities and audit their counterfeit prevention program. • Contact the original manufacturer for photo of the parts and/or labels for validation.

Purchasing

• Buy direct from original manufacturers or their authorized distributors.

• Require proof of traceability to the original component manufacturer.

• Verify that manufacturers have guaranteed methods to destroy scrapped parts.

• Buy adequate stock of last time buys.

• Make your purchase contingent upon the outcome of evaluation and testing.

• Outsource component procurement and work closely with them.

October 2008 6

Industry Best Practices - Detection

Inspection, Testing & Evaluation

• Institute strong incoming quality assurance on all parts.

• Visually inspect. Paperwork is no substitute for testing and visual inspection.

• Upgrade inspection training and procedures for identifying counterfeit components.

• Pay attention to labels; misspelling, omission (missing sales order number, missing lot numbers), date codes on label match date code on part, inconsistent formatting, etc.

• Establish and maintain a package & die pedigree photo collection to help identify counterfeits.

• Verify the part markings with the manufacturer when buying from independent supplier.

• Implement NDE methods where applicable.

• Electrically test devices from questionable sources.

• DPA - De-construct sample parts. Maintain a reference library of manufacturer’s data books on obsolete components.

October 2008 7

Industry Best Practices - Response Strategy

• Participate in reporting and cooperate in investigation programs for suspect devices and respond to such reports, e.g. Government Industry Data Exchange Program (GIDEP) and ERAI, Inc.

• Coordinate with U.S. and international organizations and trade alliances such as Alliance for Gray Market and Counterfeit Abatement (AGMA), the International Anti Counterfeiting Coalition (IACC), U.S. Immigration and Customs Enforcement (ICE) on responding to counterfeiting issues and the U.S. Chamber of Commerce (Coalition Against counterfeiting and Piracy).

• Take legal action or cooperate with law enforcement against counterfeiting using civil and criminal remedies.

http://www.agmaglobal.org/ http://www.iacc.org/ http://www.erai.com/home.aspx

http://www.ice.gov/ http://www.gidep.org/ http://www.uschamber.com/ncf/initiatives/counterfeiting.htm

http://www.thecacp.com/portal/counterfeiting/default

October 2008 8

SAE G-19 Document Rationale

• Created in response to a significant and increasing volume of counterfeit electronic parts entering the aerospace supply chain, posing significant performance, reliability, and safety risks and, • to provide uniform requirements, practices and methods to mitigate the risks of receiving and installing counterfeit electronic parts. • Created to document standard requirements, practices and methods related to: – parts management, – supplier management, – procurement, – inspection, test/evaluation, and – response strategies when suspect or confirmed counterfeit parts are discovered.

October 2008 9

G-19 Committee Challenges

Do we need another standard? How does G-19 effort compare or conflict with the GEIA G-12 effort (now complete)?

• Can we craft a document that will have widespread acceptance in all electronic industry segments: Defense, Aerospace, Civil, Commercial, other and the widely varying supply chain?

• How much should we disclose regarding methods to detect counterfeits?

• Can we agree on a Design, Procurement, Risk Mitigation Process Flow?

• Can we agree on an outline and content?

• Can we secure uniform government agency policies on: – cooperating with government investigators and enforcement agencies (DCIS, FBI, ICE, …?) – reporting findings to industry (e.g. GIDEP, ERAI, etc.)?

– alerting/communicating findings to suppliers?

– disposition of suspect/confirmed counterfeits and their financial implications?

October 2008 10

G-19 Members & Liaisons

• • • • • • • • • • • • • • •

U.S. Government …

DCIS HQs, Economic Crimes DOE, Office of Inspector General DSCC GIDEP MDA NASA Office of Management & Budget, Office of Federal Procurement Policy U.S. Air Force/NRO (Aerospace Corp.) U.S. Army - AMRDEC U.S. Customs and Border Protection U.S. DOT, Office of Inspector General/Office of Investigations U.S. Navy - NAVAIR U.S. Navy - NSWC U.S. Navy - NCIS U.S. Nuclear Regulatory Commission • • • • •

Industry Associations …

Aerospace Industries Association (AIA) Best Manufacturing Practices Center of Excellence (BMPCOE) ERAI, Inc.

Government Electronics & Information Technology Association (GEIA) Independent Distributors of Electronics Association (IDEA) • • • • • • • • • • • • • • •

Industry …

American Electronic Resources Analytical Solutions Arcadia Components Arrow Zeus Electronics BAE Systems Boeing General Dynamics Jabil Circuits Lockheed Martin Maxim Integrated Products N.F. Smith & Associates Northrop Grumman Orbital Sciences QP Semiconductor Raytheon Note: Technical experts participate on SAE Committees as individuals and not as official representatives of their companies or organizations.

October 2008 11

TABLE OF CONTENTS 1.

1.1

1.2

2.

2.1

2.2

2.3

2.4

3.

3.1

3.2

3.3

4.

4.1

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.1.7

SCOPE .......................................................................................................................................................... 3 Purpose ......................................................................................................................................................... 3 Application ..................................................................................................................................................... 3 APPLICABLE DOCUMENTS ........................................................................................................................ 3 SAE Publications ........................................................................................................................................... 3 ANSI Publications ......................................................................................................................................... 4 U.S. Government Publications ...................................................................................................................... 4 Commercial Publications ............................................................................................................................... 4 TERMS AND DEFINITIONS ......................................................................................................................... 5 Suspect Part .................................................................................................................................................. 5 Counterfeit Part ............................................................................................................................................. 5 Related Definitions ........................................................................................................................................ 5 REQUIREMENTS ......................................................................................................................................... 8 Counterfeit Electronic Parts Control Plan ..................................................................................................... 8 Parts Availability ............................................................................................................................................ 8 Purchasing .................................................................................................................................................... 8 Purchasing Information ................................................................................................................................. 9 Verification of Purchased Product ................................................................................................................. 9 In Process Investigation ................................................................................................................................ 9 Material Control ............................................................................................................................................. 9 Reporting ....................................................................................................................................................... 9 APPENDIX A - PARTS AVAILABILITY ................................................................................................................................. 11 APPENDIX B - PURCHASING PROCESS ........................................................................................................................... 12 APPENDIX C - SUPPLY CHAIN TRACEABILITY ................................................................................................................ 17 APPENDIX D - PROCUREMENT CONTRACT REQUIREMENTS ...................................................................................... 18 APPENDIX E - PRODUCT ASSURANCE ............................................................................................................................ 21 APPENDIX F - MATERIAL CONTROL ................................................................................................................................ 26 APPENDIX G - REPORTING ................................................................................................................................................ 27 APPENDIX H - ACRONYMS AND ABBREVIATIONS .......................................................................................................... 32

October 2008 12

Counterfeit Parts Risk Mitigation starts with a Control Plan and Product Life Cycle Design Management

4. REQUIREMENTS 4.1 Counterfeit Electronic Parts Control Plan

The organization shall develop and implement a counterfeit electronic parts control plan that documents its processes used for risk mitigation, disposition, and reporting of counterfeit parts.

4.1.1 Parts Availability

The processes shall maximize availability of authentic, originally designed and/or qualified parts throughout the product’s life cycle, including management of parts obsolescence. Information and guidance for ensuring parts availability is provided in Appendix A, Parts Availability .

October 2008 13

Secondly, with updated purchasing processes

4.1.2 Purchasing

The processes shall: a. Assess potential sources of supply (electronic parts, assemblies, and equipment suppliers) to determine the risk of receiving counterfeit parts. Assessment actions may include surveys, audits, review of product alerts (e.g., GIDEP, ERAI), and review of supplier quality data to determine past performance.

b. Maintain a register of approved suppliers, including the scope of the approval, to minimize the risk of counterfeit parts supply. Information and guidelines for source assessment and approval/selection are provided in Appendix B, Purchasing Process .

c. Specify a preference to procure directly from OCMs or authorized suppliers who are on the approved supplier register.

d. Assure that approved/ongoing sources of supply are maintaining effective processes for mitigating the risks of supplying counterfeit electronic parts… e. Assess and mitigate risks of procuring counterfeit parts from sources other than OCMs or authorized suppliers. This shall be accomplished for every application when it is necessary to procure from other than the OCM or authorized supplier.

f. Specify supply chain traceability to the OCM or after market manufacturer that identifies the name and location of all of the supply chain intermediaries from the part manufacturer to the direct source of the product for the seller. If this traceability is unavailable, a risk mitigation plan is required. Guidance and information regarding supply chain traceability are provided in Appendix C, Supply Chain Traceability .

g. Specify flow down of applicable requirements of this document to applicable contractors and their sub contractors. In the event that one or more supply chain intermediaries do not have a counterfeit part control plan compliant to this document, a risk analysis shall be required for every application of the part.

October 2008 14

Appendix Figures

Confidence In Authenticity Original Component Manufacturer or Certified Manufacturer Franchised Distributor Original Equipment Manufacturer / Contract Manufacturer Independent Distributor with good quality, reputation, and procedures Independent Distributor with unknown quality reputation, and procedures Unknown Source ERAI & GIDEP alerts issued on Vendor Lowest Risk Non-Critical Applications Short Product Life Expectancy / Non-Critical Applications Product Accessible to Field Repair Application Critical Refurbished or Reclaimed Parts ERAI & GIDEP Alert on Items Field Work or Repair Impossible (i.e. Satellites, etc.) Mission Critical Safety Critical Life Dependent Applications

October 2008

Highest Risk

Risk Stack Chart Procurement Risk Mitigation Flow Diagram

15

Reduce Risk with Strong Contract Clauses

4.1.3 Purchasing Information

Invoke contract/purchase order quality requirements to minimize the risk of being provided counterfeit parts. Examples of procurement quality requirements and clauses related to counterfeit parts prevention are provided in Appendix D, Procurement Contract Requirements .

D.3.2 Supply Chain Traceability “The seller shall maintain a method of item traceability that ensures tracking of the supply chain back to the manufacturer of all Electrical, Electronic, and Electromechanical (EEE) parts included in assemblies and subassemblies being delivered per this order. This traceability method shall clearly identify the name and location of all of the supply chain intermediaries from the manufacturer to the direct source of the product for the seller, and shall include the manufacturer's batch identification for the item(s) such as date codes, lot codes, serializations, or other batch identifications.” D.3.5 Product Impoundment and Financial Responsibility “If suspect/counterfeit parts are furnished under this purchase agreement, such items shall be impounded. The seller shall promptly replace such items with items acceptable to the and the seller may be liable for all costs relating to impoundment, removal, and replacement. may turn such items over to US Governmental authorities (Office of Inspector General, Defense Criminal Investigative Service, Federal Bureau of investigation, etc.) for investigation and reserves the right to withhold payment for the suspect items pending the results of the investigation.”

October 2008 16

4.1.4 Verification of Purchased Product

The documented processes shall assure detection of counterfeit parts prior to formal product acceptance… Guidelines concerning the performance of risk-based product assurance are provided in Appendix E, Product Assurance .

Compliance Verification

October 2008 17

4.1.5 In Process Investigation

The documented processes shall address the detection, verification and control of in process (post acceptance), and in-service suspect counterfeit parts.

4.1.6 Material Control

The documented processes shall specify methods for physical identification (e.g., tag, label, mark), segregation/quarantine, and control of suspect or confirmed counterfeit parts to preclude their use or installation. The documented processes shall ensure that counterfeit parts do not re-enter the supply chain. Guidelines for segregation and disposition of counterfeits are provided in Appendix F, Material Control .

4.1.7 Reporting

The documented processes shall assure that all occurrences of counterfeit parts are reported, as appropriate and applicable, to internal organizations, customers, government reporting organizations (e.g., GIDEP), industry supported reporting programs (e.g., ERAI), and criminal investigative authorities. Information and guidelines for reporting counterfeit parts are provided in Appendix G, Reporting .

October 2008 18

What is NASA doing?

Draft NASA Policy Directive (NPD 8730.2 Rev C) NASA Parts Policy (September 2008) Responsible Office: Office of Safety and Mission Assurance Subject: NASA Parts Policy

• Applies to NASA Headquarters, NASA Centers, including Component Facilities, NASA programs and projects, and to the JPL and other NASA contractors and grantees as delineated in their contracts or grants for flight hardware, critical ground support equipment (GSE), and critical ground test systems • Specifies SAE AS5553, Counterfeit Electronic Parts; Avoidance, Detection, Mitigation, and Disposition as one of the applicable documents.

• Specifies top-down responsibility from:  a. The Chief, Safety and Mission Assurance to  b. Center Directors to   c. NASA Center SMA Directors or other designee(s) to d. NASA Center Engineering Offices to  e. Contracting Officers to  f. Program, project, and Government Furnished Equipment (GFE) managers.

• Shall … (6) Develop, document, and implement a counterfeit EEE parts control plan for the avoidance, detection, mitigation, disposition, control, and reporting of counterfeit EEE parts (Requirement). Control plans may be project unique or apply to multiple Center projects. Guidelines concerning counterfeit parts control plan contents are provided in Attachment B. Detailed guidance and definitions are provided in AS5553.

October 2008 19

What is NASA doing?

ATTACHMENT B: Counterfeit Parts Control Plan Contents

a. Parts Availability Process : Maximize availability of authentic, originally designed, and qualified parts throughout the product's life cycle, including, for example: (1) Control of parts obsolescence.

(2) Alternate/multiple sources… b. Procurement Process : (1) Assess potential sources of supply to determine the risk of receiving non authentic parts… (2) Mitigate risks of procuring counterfeit parts from sources other than OCMs or authorized suppliers… (5) Include applicable contract/purchase order quality requirements related to counterfeit parts prevention. Examples of quality requirements are provided in AS5553, including:… (6) Specify contractor flow down of applicable counterfeit parts prevention requirements to their subcontractors.

c. Product Assurance Process : Verify receipt of authentic conforming parts, commensurate with product risk… Product assurance actions include review of data deliverables, verification of purchase order quality clause compliance, visual inspection, measurements, nondestructive evaluation (e.g., x-ray, hermeticity, marking permanency) and destructive testing (e.g., destructive physical analysis, thermal cycling, construction analysis).

d. Material Control and Disposition Process : (1) Identify and quarantine suspect or confirmed counterfeit parts… e. Reporting Process : Report nonconforming, defective, and/or suspected counterfeit parts in accordance with…

October 2008

20

New Course in Counterfeit Parts Visual Detection

• Based on IDEA’s 60-point inspection plan plus other industry best practices. • Course length estimate four (4) hours and will include hands-on training with “confirmed” counterfeit parts.

• Available for inspectors, operators, auditors, suppliers and other interested individuals.

• Status - Completed with classes started in September.

October 2008 21

Status

• AS5553 balloting closed Tuesday, September 16.

• One additional month is allowed for SAE Aerospace Council Review and G-19 committee disposition of comments.

• Public Release estimated end of October.

October 2008 22

• President Bush on Monday (October 13) signed into law a bill strengthening civil and criminal laws against counterfeiting and piracy, boosting resources for enforcement and prosecution, and changing coordination of IP enforcement issues within the Executive Branch. ( IP-Watch ) • "By becoming law, the PRO-IP Act sends the message to [intellectual property] criminals everywhere that the U.S. will go the extra mile to protect American innovation," said U.S. Chamber of Commerce President Tom Donohue. ( Wall Street Journal ) • Counterfeiting hurts businesses, innovators, workers, consumers, government, and our national security. In recent years, counterfeiting has grown rapidly. Counterfeiting costs America hundreds of billions of dollars a year and has harmful effects throughout the economy. Fake products can expose consumers to serious health and safety risks. Government loses out on tax revenues and is forced to divert law enforcement resources. Terrorist networks use counterfeit sales to finance their operations. ( White House )

October 2008 23

Thank You!

Members • Government • Industry • Industry Associations G-19 Committee • Formed September 2007 • Convene weekly on “fast-track” course Charter • Address aspects of preventing, detecting, responding to and counteracting the threat of counterfeit electronic components Objective • Develop Standard(s) suitable for use in aeronautic, space, defense, civil and commercial electronic equipment applications to mitigate the risks of counterfeit electronic components Aerospace Standard AS5553 Incorporates recognized best practices in: • Component Management • • • • • Supplier Management Procurement Inspection Test/Evaluation Methods Response strategies when suspect or confirmed counterfeit components are detected

October 2008 24