Transcript Welcome to the Office 2010 PowerPoint template
Anti-counterfeit summary Feb 2015
Prepared by: Jo Vann
IEC TC107 WG3
‘Counterfeit electronic parts; avoidance, detection, mitigation, and disposition in avionics applications’ convener , see http://www.iec.ch/dyn/www/f?p=103:14:0::::FSP_ORG_ID,FSP _LANG_ID:5736,25
1 GE Title or job number 4/28/2020
The Avionics Supply Chain
Using COTS components targeted for other markets (what we cannot control) To build products that must meet mil-aero requirements (what we must control)
• •
Aerospace Electronics Depends on materials and components developed for other industries Vastly different lifecycle applications 1. Parts & Materials Suppliers 2. Board Assemblers Contract Mfg
.
3. Avionics OEMs, Logistics, Maintenance and Repair 4. Platform Integrators 5. Operators & Regulators Parts 3 6 yr Lifecycle 15 - 40 yr Lifecycle
Requirements flow-down vs. products flow -up process is disrupted here
Boards Solder etc.
Aerospace Captive
Global Supply Chain
SAE AS5553A counterfeit avoidance IEC/TS 62668-1/SAE AS5553A Anti counterfeit and IEC/TS 62239-1 ECMP
costs are incurred here
2
Most life cycle
2 GE Title or job number 4/28/2020
Anti-counterfeit summary 2015
• • •
Topics discussed:
New USA legislation, National Defense Authorization Act (NDAA) and
DFAR 252.246.7007
, for electronic components supplied into USA Military programs New UK
Defence Standard 05-135 for International specifications:
UK Military programs.
• How
IEC/TS 62668-1 complements SAE-AS5553A
and how they can both be applied together to manage the Avionics supply chain to comply with DFAR 252.246.7007 and DEF-STAN-05-135 • • How
IEC/TS 62668-2
provides the risk analysis and anti-counterfeit mitigation testing for IEC/TS 62668-1, SAE AS5553A, DFAR 252.246.7007 and Defence Standard 05 135 non-franchised distributor risk analysis.
How
IEC/TS 62239-1
‘PROCESS MANAGEMENT FOR AVIONICS - Preparation of an electronic components management plan (ECMP)’
brings benefits to the Avionics OEM through obsolescence management and anti-counterfeit management plans.
3 GE Title or job number 4/28/2020
USA NDAA Anti-Counterfeit Part Law for USA Military supply chains
President Obama signed the 2012 National Defense Authorization Act (NDAA) on
2011
:
Dec 31 st
• This amendment is a result of a Senate Armed Services Committee (SASC) hearing on November 8, 2011 that exposed upwards of a million counterfeit parts in U.S. military supply chain.
DFAR rule 252.246.7007 ( which has 12 requirements) now published May 2014 see http://www.acq.osd.mil/dpap/dars/dfars/html/current/252246.htm
:
• Applies to contractors (subject to full or modified coverage under the Cost Accounting Standard (‘CAS’) as well as all subcontractors to CAS covered prime contractors regardless of the subcontractor’s CAS or size status), that supply electronic parts/systems to establish policies and procedures to eliminate counterfeit electronic parts from the US defense supply chain. • Control obsolete electronics components and have an obsolescence management program and flow down to suppliers, e.g. Distributors, subcontractors etc. • DOD to adopt procedures for detecting, avoiding and reporting counterfeit parts • Debars contractors who fail to detect and avoid counterfeit parts, or do not exercise adequate due diligence. 4 GE Title or job number 4/28/2020
DFAR rule 252.246.7007 ( which has 12 requirements)
includes:
•
Personal liability
for employees of companies under the
counterfeit military goods:
new charge of trafficking in
Fines and imprisoned (up to 20 years if claim ‘not guilty’ and later found guilty). Impacts countries with weak extradition laws to the USA, e.g. the UK.
• Traceability back to the original component manufacturer: Prime contractors i.e. air-framers are finding this clause a massive challenge and are seeking to limit this to just the traceability to the first assembly of a LRU. Further discussions with the DoD are being held in Washington DC in March 2015. It is also suggested that mandated.
IUID requirements of DFAR rule 252.211-7003
should be used but this is not • DFAR definition of counterfeit (same in SAE AS5553A),
also includes fraudulent components in addition to fraudulent recycled components and is unique to the USA.
• • Countries which use the WIPO definitions ( e.g. Europe and China) separate out the definitions where: counterfeit is ‘trademark infringement’ A fraudulent component is ‘produced or distributed either in violation of regional or local law or regulation, or in the intent to deceive the customer.’ Recycled components become fraudulent recycled components: only when sold as being new components i.e. fraud. IEC/TS 62668-1 explains this. Further revisions will occur in 2015 to make this clearer particularly for the Chinese National Committee . 5 GE Title or job number 4/28/2020
USA prosecutions in 2014
• • •
Vision Tech in Florida in 2010, discussed last year June 2014 Massachusetts-based distributor Peter Picone of Epic International Electronics Inc.,
pleaded guilty to trafficking in falsified ICs that had been resurfaced to change the date code and to affixing counterfeit marks destined for military equipment. The counterfeit parts bore the trademarks of legitimate companies such as Xilinx, National Semiconductor and Motorola. He faces 46 months in jail after pleading guilty.
This is the second prosecution on the new charge of trafficking in counterfeit military goods, see http://www.law.cornell.edu/uscode/text/18/2320 , §2320
Counterfeit military goods or services and counterfeit drugs.
—
Whoever commits an offense under subsection (a) involving a counterfeit military good or service or counterfeit drug — (A) if an individual, shall be fined not more than $5,000,000, imprisoned not more than 20 years, or both, and if other than an individual, be fined not more than $15,000,000; and (B) for a second or subsequent offense, if an individual, shall be fined not more than $15,000,000, imprisoned not more than 30 years, or both, and if other than an individual, shall be fined not more than $30,000,000. Meanwhile, last July, security firm TrapX , see that had been installed on Microsoft Windows-based scanners manufactured in China and sold to US logistics http://trapx.com/ reported that it had identified malware firms highlighting how important it is to manage your own product’s intellectual property. 6 GE Title or job number 4/28/2020
FY2015 NDAA H.R. 3979 – National Defense Authorization Act for Fiscal Year 2015 , Latest Action:
12/19/2014 Became Public Law No:
Section 818 (c ) (3) of the NDAA for FY2012 will now include reference to ‘trusted suppliers ‘, where definition will be derived from public consultation :
(i) obtain electronic parts that are in production or currently available in stock from the original manufacturers of the parts or their authorized dealers, or from
suppliers identified as trusted suppliers in accordance with regulations issued pursuant to subparagraphs (C) and (D)
; C) Establish qualification requirements, consistent with the requirements of section 2319 of title 10, United States Code, pursuant to which the Department
may identify as trusted suppliers those that have appropriate policies
and procedures in place to detect and avoid counterfeit electronic parts and suspect counterfeit electronic parts; and (D) Authorize Department contractors and subcontractors to identify and use
their own identified trusted suppliers
, provided that – (i) the standards and processes for identifying such trusted suppliers comply with established industry standards; (ii) the contractor or subcontractor assumes responsibility for the authenticity of parts provided by such suppliers as provided in paragraph (2); and (iii) the selection of such trusted suppliers is subject to review and audit by appropriate Department officials.
We expect public consultation to start around March/April 2015 with a final ruling in around 9 months.
The term in no longer ‘USA trusted suppliers’ and is ‘trusted supplier’ . Assume the G-19 SAE AS5553 committee will be involved.
7 GE Title or job number 4/28/2020
NDAA section 818 DFARS For US Military Programs
The latest open
DFAR Cases register
is located at http://www.acq.osd.mil/dpap/dars/opencases/dfarscasenum/dfars.pdf
As of December 2014 the following outstanding DFARS are pending: 2014-D005, Detection and Avoidance of Counterfeit Electronic Parts-Further Implementation. A status report was due 12/03/2014. Is this the ‘trusted suppliers’ amendment? 2014-D021, Item Unique Identification (IUID) Prescription Correction, to modify DFAR 252.211-7003, as some wording was lost and not published correctly.
FAR Council
is working on two FAR Cases that will also address DoD counterfeit parts requirements:
(a) FAR Case 2013-002
, which is expected to expand reporting of non-conforming items
( which includes counterfeit components),
supplies expected 02/25/2015. see https://www.federalregister.gov/regulations/9000 AM58/federal-acquisition-regulation-far-case-2013-002-expanded-reporting-of-nonconforming where public comments were submitted in August 2014. The draft final FAR rule is
(b) FAR Case 2012-032 ,
which is expected to modify the current regulations on higher-level contract quality requirements, see https://www.federalregister.gov/articles/2013/12/03/2013-28930/federal acquisition-regulation-higher-level-contract-quality-requirements was published September 2014. 8 GE Title or job number 4/28/2020
4 3 2
Comparison table
DFA R
requirem ent number
1
DFAR 252.246.
7007
Training Inspection and test
SAE AS5553 A
4.1.1
4.1.4
IEC/TS 62668-1 IEC/TS 62668-2
( for Non franchised distributors )
DEF STAN-05 135
4.2 j 4.2 g) 2) Second part in the IEC/TS 62668-1 series Yes whole standard for risk assessment process 6.3
6.5
Process to abolish counterfeit proliferation 4.1 4.2 c) Second part in the IEC/TS 62668-1 series 6.1
Part traceability back to OCM 4.1.4 a, 4.1.4 b 4.2 e) Second part in the IEC/TS 62668-1 series 6.4.3
Comments
DEF-STAN also requires appointment of a management representative SAE AS5553A does not provide risk assessment guidance fully. Suggest using IEC/TS 62668-2
Request a DFAR waiver if you deliberately buy untraceable stock which is then anti counterfeit risk
9 4/28/2020
mitigation tested.
Comparison table
DFAR
requireme nt number
DFAR 252.246.700
7 SAE AS5553A IEC/TS 62668-1 IEC/TS 62668-2
( for Non franchised distributors )
DEF STAN 05-135
5. Use of suppliers who are (1) OCM, (2) franchised or (3) franchised aftermarket distributors or (4) buy from these sources 4.1.3.b. 4.2 e)
Comments
Second part in the IEC/TS 62668-1 series Does not specify but asks for traceability back through to the OCM DFAR allows one more source of supply, commonly called a ‘Pass Through’ than SAE AS5553A and IEC/TS 62668-1. SAE AS5553A does not provide risk assessment guidance fully. Suggest using IEC/TS 62668-2 6. Reportin g Refers to GIDEP and other sources 4.1.9 7. Methods to identify suspect counterfeit components 4.1.5a 4.2 i) 4.2 c) Second part in the IEC/TS 62668-1 series Whole document contains risk assessment and test guidance 6.7
6.4.4, 6.5, 6.6 Access to GIDEP is not possible for non US or non Canadian companies SAE AS5553A does not provide risk assessment guidance fully. Suggest using IEC/TS 62668-2 10 GE Title or job number 4/28/2020
Comparison table
DFA R
requireme nt number
DFAR 252.246.700
7
8. 9.
Design, operation, maintenance of systems to detect and avoid counterfeit Flow-down to subcontractors
SAE AS5553 A
4.1 4.1.4.b 10 11 12 Be continually informed 4.1.1
Process for screening GIDEP reports and other sources of counterfeit info Control of obsolete parts 4.1.3a
4.1.2
IEC/TS 62668-1
4.2 c)
IEC/TS 62668 2
( for Non franchised distributors )
Second part in the IEC/TS 62668-1 series
DEF STAN 05-135
6.1.1
4.2 c) 4.2. j) Second part in the IEC/TS 62668-1 series Second part in the IEC/TS 62668-1 series 6.2.2 a) 6.2.2
Comments
Attend seminars, committees etc. Membership of broker surveillance databases, e.g. ERAI, ESCO 4.2 g) 2) Guidance referring to IEC/TS 62239 1 is provided in 4.12.1, 4.12.9, 4.12.10 Yes whole standard for risk assessment process Second part in the IEC/TS 62668-1 series Not directly addressed but part of 6.4.4 general risk assessment Not directly addressed but part of 6.4.4 general risk assessment Membership of broker surveillance databases, e.g. ERAI, ESCO counterfeit reporting webpages etc. IEC/TS 62239-1 (ECMP) includes a requirement for an obsolescence management plan requirement. 11 GE Title or job number 4/28/2020
SAE International Anti-counterfeit
• •
Specifications See http://www.sae.org/
• • • • • • G-19 committee has active membership mainly from the USA and UK • SAE AS5553A was published in January 2013 superseding SAE AS5553 which has misleading definitions.
• • • Manages components coming
into
a business only.
Targeted at general industry and AS9100 requirement is not mandatory.
Revision B was started to incorporate
DFAR 252.246.7007
general industry will allow, but recent ballot of Nov 2014 failed. Further meetings are planned with the DOD in Washington DC in March. to the extent that
The SAE has no Third Party auditing activities and is only publishing standards and auditing checklists. Was endorsed for use by the DoD for USA Military supply chains in 2013 but there is dispute about whether the new revision B will be adequate. The US DOD may not require Third party audits of SAE AS5553A (as of 2013)
The audit checklist for SAE AS5553A is published as SAE AS6462A. IECQ WG06 has started to create the administration documents for SAE AS5553 auditing 12 GE Title or job number 4/28/2020
Summary of SAE anti-counterfeit specifications
SAE Specification Title Comments/Status
AS5553A AS6462 A AIR6273 AS6174 A Counterfeit Electronic Parts: Avoidance, Detection, Mitigation and Disposition AS5553 Counterfeit Electronic Parts: Avoidance, Detection, Mitigation and Disposition Verification Criteria Terms and Definitions Fraudulent/Counterfeit Electronic parts Counterfeit Materiel: Assuring acquisition of authentic and conforming materiel Revision A released. For General industry and for components coming into a business only. Revision B started in committee to incorporate as many DFAR
252.246.7007
requirements as possible that industry will allow. Unfortunately the Nov 2014 ballot failed with >80 comments and failed to engage with the DOD correctly partly as the annexes were removed to be issued as an independent document. Meeting in March 2015 in Washington DC planned to sort out DOD issues. DOD want all annexes reinstated. Committee meetings are on hold. Revised in 2014. Audit checklist for SAE AS5553A Draft – still WIP Revised in 2014 for material and mechanical items. 13 GE Title or job number 4/28/2020
Summary of SAE anti-counterfeit specifications
SAE Specification Title Comments
AS6301 AS6081 AS6171 AS6496 ARP 6178 AS6081 Fraudulent/Counterfeit Electronics parts: Avoidance, Detection, Mitigation and Disposition Distributors Verification criteria Fraudulent/Counterfeit Electronics parts: Avoidance, Detection, Mitigation and Disposition Distributors; Counterfeit Electronic Parts:
Avoidance Protocol, Distributors
Test Methods Standards; Counterfeit Electronic Parts Issued in 2014 Released. Parts are offered by non franchised distributors with some basic testing which Avionics OEMs need to review in their application risk assessment process.
WIP- several individual test methods are ready for release: Test method I – External visual, Test method II- XRF .
Debate about risk mitigation method and whether it should be part of SAE AS5553B. Released 2014 Fraudulent/Counterfeit Electronics parts: Avoidance, Detection, Mitigation and Disposition Authorised/Franchised Distribution Fraudulent/Counterfeit Electronic Parts: Tool for Risk Assessment of Distributors Released 2011. Very useful Excel spread sheet with macro to remotely audit non franchised distributors. 14 4/28/2020
IEC committee TC107 WG3 Counterfeit electronic parts
• see http://www.iec.ch/dyn/www/f?p=103:14:0::::FSP_ORG_ID,FSP_LANG_ID:5736,25 •
Published a revision in 2014, explaining when recycled components become fraudulent recycled components for the Chinese National Committee :
IEC/TS 62668-1,
‘
PROCESS MANAGEMENT FOR AVIONICS – COUNTERFEIT PREVENTION – Part 1: Avoiding the use of counterfeit, fraudulent and recycled electronic components
Allows the use of
SAE AS5553A
plans for components coming into the business.
Enables OEMs to have one overall plan for SAE AS5553A and IEC/TS 62668-1 Discusses when recycled components become fraudulent components and why the Avionics industry cannot use them.
A revision is planned for 2015 to add in references to the DFAR and Defence Standard and to clarify terms and definitions.
Refers to the now published
IEC/TS 62668-2
‘
PROCESS MANAGEMENT FOR AVIONICS – COUNTERFEIT PREVENTION – Part 2: Managing electronic components from non franchised sources.
Used as the IEC/TS 62668-1 non franchised distributor risk assessment process.
Can also be used as a risk assessment process for the following: o o o
SAE AS5553A, DFAR rule 252.246.7007
DEF STANDARD 05-135 15 GE Title or job number 4/28/2020
• • •
Defence Standard 05-135
– Avoidance of counterfeit material
Published July 2014 for UK defence programs o o o o o High level language , based around concepts of SAE AS5553A asking for: An anti-counterfeit policy o o o
Flow-down to suppliers
Appointment of a management representative Training Purchasing controls Test and verification Control of non-conforming product Reporting OEMs who have an SAE AS5553A or IEC/TS 62668-1 plan should be able to incorporate these requirements into one generic plan. Flow down to suppliers will typically be for a SAE AS5553A plan. 16 GE Title or job number 4/28/2020
How one anti-counterfeit plan can address:
DEF STD 05-135 DFAR 252.246.7007 SAE AS5553A IEC/TS 62668-1
using the non franchised risk assessment process from:
IEC/TS 62668-2 The DEF STAN 05-135 requirements are highlighted in orange
17 GE Title or job number 4/28/2020
Same plan as on previous slide but with DFAR requirements highlighted in red
18 GE Title or job number 4/28/2020
Key elements for an anti-counterfeit plan
Publish a plan addressing each requirement of the external sta
ndard and/or provide a cross reference matrix .
This protects your business in legal court cases. Establish company standard
Purchase Order notes
which state unambiguously that ‘ no counterfeits or recycled components are allowed’.
Orders shall be placed for traceable components from OCMs or franchised distributors or franchised aftermarket distributors.
Traceability can be demonstrated by the C of C’s , packing slips, shipping label information, part marking information ( lot date codes etc.) and are required for each part of the supply chain back to the original manufacturer. Accurate part numbers on the PO to the internal component database information or BOM to that on the received C of C or Packing slip are required to prove traceability. Each part of the supply chain has to provide this level of traceability back to the original component manufacturer. Distributors who automatically default to their internal part number and ship against this, loose supply chain traceability and cannot be used. Accurate, clear Shipment labelling, C of Cs, packing slip details are required from the Distributors. Transcription errors, truncated part numbers, bad handwriting, unexplained quantities or quantities that do not add up after a stock split will when they are possibly just badly labelled. results in parts being identified as ‘suspect’ Supply chain anti-counterfeit audits have started.
Non-franchised distributors require a risk assessment
and every order placed may need anti counterfeit testing per IEC/TS 62668-2. Component Engineering input may be required to create the special test specifications. Approval from customer may be required. 19 GE Title or job number 4/28/2020
2015 anti-counterfeit supply chain
20 GE Title or job number 4/28/2020
IECQ WG06 anti-counterfeit auditing
• • • • • • See http://www.iecq.org/workgroups/wg06/ The committee has 36 members internationally. The convenor is changing and will be confirmed at the May 1 st Singapore.
2015 meeting in IECQ Documents have been published to provide the infrastructure for Certifying Bodies (CBs) to audit to: (1) SAE AS6081, (2) SAE AS5553A and will continue to cover (3) IEC/TS 62668-1 IEC IECQ has launched the IEC IECQ CAP Certification program, see http://www.iecq.org/about/cap/, . The first independent Distributor in the world to achieve certification under the SAE AS 6081 Standard was Secure Components on July 05, 2013, see certificate on next page . New anti-counterfeit program being developed for companies in general or industrial markets the Far East to define what anti-counterfeit measures they use. Will be similar to the Hazardous Substance Process of IECQ WG 05
. May evolve into an IECQ marking scheme.
21 GE Title or job number 4/28/2020
Secure Components SAE AS6081
22 GE Title or job number 4/28/2020
• • • • •
Anti-counterfeit tracking activities;
DNA fingerprint by Applied DNA Sciences for NASA using
material added to part marking ink appears to be on hold due to licencing issues.
DARPA
Shield programme
: – See http://www.securingindustry.com/electronics-and-industrial/darpa-awards-three-contracts-in anti-counterfeit-programme/s105/a2240/#.VNS2bU-zU5g – Based on use of 100 x 100 micron dielet technology inserted into the component package for tracking .
– As of January 2015, contracts have been awarded to Northrop Grumman , SRI and Charles Stark Draper Lab to develop these dielets that could be used to verify the authenticity of electronic components ‘at any step of the supply chain’. Project completion is expected by middle of 2016.
In consumer market there are various tracking companies
: https://www.ufaker.com/ https://www.markmonitor.com/ to protect on-line brand abuse.
,
JTAG interrogator
, see http://www.corelis.com/products-JTAG/JTAG-Interrogator.htm
something much less desirable.
where Corelis has adapted this proven standard to develop a non-intrusive device that easily verifies authentic semiconductors on components. Once deployed, the testing function will scan the registers already present on the components and identify specific component interconnections. Then a quick comparison of this data to a master list allows the tester to determine whether the inventory is the “real McCoy” or
Companies that search the Web for sites
selling counterfeit versions of your proprietary product ; e.g. Counterfeit Technology , Website: http://counterfeit.technology/ 23 GE Title or job number 4/28/2020
IEC and SAE publications relevant to an ECMP
Referenced Requirements
SAE EIA-933 COTS assembly management SAE ARP6338 Semiconductor Wear-out, mitigation for <90nm IEC/TS 62500
(Highly accelerated tests)
THIRD PARTY AUDITED on annual basis
ECMP IEC/TS 62239-1
owned by IEC TC107
IEC/TS 62402
(Obsolescence owned by TC56 )
SAE-STD-0016 IEC 62396-X
series (SEU Radiation) Mitigation for <90nm
Embedded Requirements:
•
Life-limited semiconductors, etc.
IEC 62340-5
(ESD)
IEC/TS 62668-1
(adopts STACK S/0001)
IEC/TS 62668-1 (Counterfeit avoidance which allows use of SAE AS5553) IEC/TS 62668-2 for non-franchised distributors SAE AS5553 IEC/TS 62564-1
(AQEC) for high temp components
IEC/TS 62240-1
(Uprating)
IEC/PAS 62435
IEC/TS 62647-XX
series (adopting GEIA-STD-
(Long term Storage owned by TC47 WG3 )
0005 series
24
24
25 GE Title or job number 4/28/2020
Anti-counterfeit summary 2012
Contact information: Jo Vann, TC107 WG3 Anti-counterfeit convenor, CEO- Component Technology , GE Aviation Systems Ltd., T +44 (0)1242 632927 F +44 (0)1242 661151 E [email protected]
www.ge.com/aviation 26 GE Title or job number 4/28/2020