Counterfeit mitigation: The small-company challenge
It's an unfortunate fact of life that anything of value can - and probably will - be faked at some point. While exciting stories of forged multimillion-dollar paintings and violins might make the news from time to time, the far more pedestrian fact is that counterfeiting of small electronic components is an unfortunately thriving business, and one of enormous potential consequence when lives depend on complex electronic equipment operating as anticipated. It is of absolutely vital importance to major defense contractors and the companies that supply them, not to mention to the warfighters who rely on this equipment, that counterfeit components not make their way into the field under any circumstances.
Unfortunately for the typical small company, the process of counterfeit mitigation can be complicated and daunting, with a steep and perilous learning curve. Without a deep understanding of the landscape of counterfeit components nor the resources to respond, a small company can be very significantly impacted should such parts pass through their receiving inspection, assembly, and testing process and subsequently ship to their customers. Bleeding-edge mitigation technologies like DNA marking are often discussed but are not yet well established; such advanced technologies are also often extremely difficult for small companies to implement.
The good news, however, is that resources do exist to enable small companies to develop effective internal processes and systems to address this problem, and to ensure that they are not “caught out” by counterfeit components.
Background: Internal and external requirements
Counterfeit-mitigation requirements typically flow down from customer’s purchase-order quality clauses, which can include requirements to comply with SAE Standard AS5553 – which covers high-reliability parts for space, defense, and aviation – a customer’s internal counterfeit-mitigation requirements, or both. The AS5553 standard itself mandates practices and documentation of activities having to do with supply chain, inventory management, procurement, receiving inspection, and receiving; it also covers the all-important issue of appropriate responses when suspect components are discovered.
In addition to the flow-down requirements of the AS5553 standard, any deal with a large defense contractor will also contain recursive flow-down clauses, under which the requirements imposed upon the prime contractor by its (usually government) customers will flow down to its subcontractors, who are also obliged to flow them down to their suppliers.
The challenges for small companies
The most daunting challenges for small companies implementing counterfeit component mitigation revolve around limited resources and understanding of how to implement the practical requirements of the AS5553 standard. While there do exist what amount to free-to-join “crowdsourced” supplier organizations that deal with counterfeit components, some organizations charge hefty membership dues, which may be onerous for a small firm. Moreover, small firms who themselves may deal with “mom-and-pop” shops may face resistance when passing along counterfeit-mitigation flowdown requirements to these shops. Adding to the pressure, many small manufacturers have to deal with part obsolescence or hard-to-find parts under the tight scheduling pressures so prevalent in aerospace and defense (A&D). They therefore may be compelled to engage with unfamiliar nonfranchised distributors, or distributors who are not directly under contract with the original components manufacturers themselves.
It’s important to state here that nonfranchised distributors are a vital and legitimate part of any supply chain, particularly in A&D, where customers may approach companies that require support for equipment that is decades old, and where manufacturers of the original components might not even exist anymore. In such situations, no distributor can possibly be expected to have a direct paper trail back to the original manufacturer. Many such components are often bought in somewhat randomly mixed lots, sometimes from first- and second-tier defense companies trying to get rid of old inventory. Without nonfranchised distributors, decades-old legacy equipment would never be able to continue to function and add value for perpetually cash-strapped A&D programs.
Other challenges facing small companies in this arena include the significant expense in requalifying parts once suspect components have successfully been quarantined. One of the biggest hurdles can be a broad organizational lack of familiarity with the nature of counterfeit-component mitigation.
How to avoid the bite of the counterfeit bug
Any counterfeit-mitigation program must begin with identifying the largest areas of risk, which typically resides with parts that are scarce or expensive. Examples include, but are not limited to, integrated circuits (ICs), central processing units (CPUs), memory chips, capacitors, resistors, and connectors of all types, which offer the greatest chance of “getting away with it” for counterfeit suppliers and the greatest potential payoff.
The second area companies can focus on is the documentation of a counterfeit-mitigation procedure that mirrors the AS5553 standard. This internal documentation, while following the AS5553 standard, must specifically identify high-risk components used by the company, clearly delineate how to qualify and deal with nonfranchised suppliers, and clearly specify the actions required when a suspect part is discovered. The procedure must also address flow-down requirements and supply-chain training where required.
In addition to this, small companies should obtain copies of their distributors’ own internal procedures for counterfeit mitigation, as well as visit and audit their distributors where necessary. If a company’s customers include large prime contractors, these big companies can also be a valuable resource for counterfeit-mitigation procedures and policies. The big primes, of course, have a vested interest in ensuring that counterfeit components do not slip into anyone’s production. They are usually very open to sharing their experiences and documentation with any of their suppliers looking to implement counterfeit mitigation. Prime defense customers are also often amenable to sharing lists of their approved nonfranchised distributors. Because of their sheer size, large prime contractors have the necessary resources to qualify, track, and maintain the approval status of nonfranchised distributors; small companies who count them among their customers should not hesitate to take advantage of these resources.
The fourth leg of the process consists of education and training: Here, as well, it starts with customers. Most large- and medium-sized defense contractors have high-end training programs for counterfeit mitigation, including videos, workbooks, and training manuals and are eager to share them with their suppliers.
Supply-chain education and management is a critical part of counterfeit mitigation, and the purchasing department must be engaged in the counterfeit-mitigation process. Purchasing may consider a policy of not purchasing from a nonfranchised distributors unless there is no other way of obtaining a certain part. If a nonfranchised distributor is the only option to obtain a hard-to-find component, a company may consider creating a stringent multilevel approval process where the customer must provide final approval – with the company not to proceed until this approval is secured.
When a company has completed its counterfeit-mitigation procedure, it must also make sure to train not just the employees responsible for receiving inspection but also the entire production staff, who may be fitting small components onto larger ones, soldering parts together, or otherwise engaging in activities that require an intimate familiarity with the components themselves. (Figure 1.) Anything from a slight change in component colors, shape, date stamps or other markings, or even an indistinct or messy supplier logo would stand out more clearly to production-floor staff, who see and handle components dozens of times a day. Anti-counterfeit vigilance must be encouraged and rewarded among all employees, given the stakes should counterfeit materials slip through and actually ship to a customer.
Industry resource organizations
There exist many organizations that are dedicated to counterfeit-component mitigation and which offer networking between members, standards, and best practices. Among them are the Government-Industry Data Exchange Program (GIDEP) –– a free-to-join organization of suppliers, distributors, and customers created to share information among its membership to help alert the industry to many types of problems, not just counterfeit components. In a way, GIDEP is a crowdsourced supplier knowledge base and a valuable resource for any company, large or small. A company can receive alerts on particular companies or components, and is also expected to inform GIDEP when they have encountered counterfeit components themselves. Through these means, knowledge can spread rapidly within the A&D community, making it even more difficult for counterfeit components to find their way into the field. Membership is available to government organizations, contractors, and suppliers in the U.S. and Canada. Corporate quality professionals should join GIDEP and report every counterfeit-component finding in their organization; this activity should be formally included as part of any company’s counterfeit-mitigation process.
Electronic Resellers Association International (ERAI) –– is a global organization that monitors, investigates, and reports issues affecting the global electronics parts supply chain, including the challenges surrounding counterfeit mitigation. Via reporting by its membership – in a similar way to GIDEP – ERAI maintains a global knowledge base and alert system focused on counterfeit and nonconforming component mitigation. However, it is not free to join, and membership costs vary depending on the size of the member company and the level of information companies wish to access. While anyone can submit a report, only members can access them or receive alerts.
Section G.1 of the AS5553 standard also provides a full list of other government organizations that may need to be notified in order to facilitate criminal prosecution. In short, the consequences of counterfeit components finding their way onto the field are so potentially grave for contractors of all sizes, not to mention for the men and women who depend on their products, that companies will definitely find a great deal of resources and guidance at their disposal as they attempt to implement counterfeit-mitigation programs.
Counterfeits on the production floor
A company has come across suspected counterfeit components – what should it do next? The company must follow its own internal procedure for segregating and containing the suspected nonconforming parts, but any procedures should include the following:
1. Segregate and quarantine the parts. Remove any parts in stores and on the floor, look for date codes, and identify all lots of potential parts in products that were already shipped to the customer.
2. Confirm the finding of counterfeiting.
3. Contact the part supplier. Notify the source of the suspect components that have been discovered. Tell them why the company believes that the parts may not be what they purport to be; such reasons could be and often are visual ones – the wrong-color components; a sloppy silkscreen, date stamp, or other information; marking stamps that do not conform to a known format, and the like. Allow the part supplier to investigate the issue; if unsatisfied with the investigation, proceed to contact the part manufacturer.
4. Contact the part manufacturer. Let the manufacturer know that the company believes it is holding parts supposedly manufactured by them that are suspected of being counterfeit. Send the manufacturer samples of the suspect parts, and ask them to confirm the findings. If the manufacturer confirms the findings of counterfeiting, proceed with customer notification.
5. Notify the customer. Companies of course dislike being in the unenviable position of having to notify their customers that they may have accepted or even fielded counterfeit parts. As unpleasant as this will be, companies can take heart in the fact that their customers will ultimately appreciate any reliability and transparency regarding counterfeit information; this then enables customers to take their own internal and external steps to mitigate the problem.
6. Notify GIDEP and ERAI, which amount to crowdsourced knowledge bases for all members of the A&D industry. Without openly shared information, such knowledge bases would rapidly cease to be useful, so companies must take the time and responsibility to pass on their findings.
It’s all about preparedness and vigilance. As a company adheres scrupulously to well-documented counterfeit-mitigation procedures, it will begin to build a reputation for trustworthiness and transparency in the industry, and will gain reliability with customers that will stand it in excellent stead in the future. Counterfeit mitigation takes time and energy to put in place but once it is incorporated and part of an organization’s culture, a company has created the most powerful tool to ensure the safety and reliability of its equipment and products – and ultimately the safety of the warfighter.
LCR Embedded Systems www.lcrembeddedsystems.com