Evolving Counterfeit Component Threats and Industry Mitigation Efforts

1
Evolving Counterfeit Component Threats and
Industry Mitigation Efforts

• Stephen Schoppe
• Glenn Robertson
• Process Sciences, Inc.
• Leander, Texas
• 512.259.7070
• www.process-sciences.com

2
Introduction

• A growing problem in all industry sectors
• Openings for counterfeiting
• High price components
• High demand/scarcity
• Obsolete/out of production
• Potential for introducing malicious code
• Sabotage immediate or future
• Potential espionage

3
Introduction

• How do counterfeits enter the supply chain?
• Often starts with remarking of reclaim/eWaste
• Refurbished used part represented as new
• Altered date code
• Consumer grade marked as mil
• Upgrade to later/preferred/scarce part type
• Low-grade passives marked as precision value(low
  tolerance) type
• Completely different part
• Manufacturing defects diverted from scrap bin
• Surplus production from OEM (4th shift)
• Acquisitions/Purchase of surplus inventories
• Return of mixed inventories to distributor

4
Mitigation Strategies - Users

• Essential to establish Due Diligence
• Establish supply chain policies
• Evaluate risks from lowest bidder
• Use authorized distributors where possible
• Write purchase contract carefully
• Supplier Qualification
• History with reporting organizations - BBB, DB,
  etc.
• Google search, including street view of address
• Memberships ERAI, GIDEP, IDEA etc.
• Certifications - ISO, IDEA-1010, CCAP-101, etc.
• Quality systems for receiving inspection, ESD,
  etc.
• Onsite audit if possible

5
Mitigation Strategies - Users

• Access to industry database(s)
• Decision process for authentication testing and
  quarantine/reporting of suspect parts
• Disposition
• Dont just return to distributor inventory
• Destroy verify?
• Staff training/qualification

6
Mitigation Strategies - Distributors

• Anti-Counterfeit Policies
• Increased scrutiny of sources
• Awareness of evolving counterfeiting methods
• Use of industry resources ERAI, GIDEP, IDEA
• Establish incoming inspection procedures
• Authentication testing in house or outsource
• Staff training/qualification

7
Industry Mitigation Efforts

• Counterfeits Databases
• Searchable databases of suspect components
• Information from reports submitted online
• Only members can access, anyone can submit report
• GIDEP (www.gidep.org)
• Operated by US Government, established 1959
• ERAI (www.erai.com)
• Privately held reporting and investigation
  service
• Escrow and dispute resolution services
• IDEA (www.idofea.org)
• Privately held association
• Maintains extensive Membership Code of Ethics

8
Industry Mitigation Efforts

• Standards Organizations
• SAE G19 Committee
• chartered to address aspects of preventing,
  detecting, responding to and counteracting the
  threat of counterfeit electronic components
• AS5553 (released 2009, rev A in progress)
• Counterfeit avoidance requirements for OEMs and
  CMs
• Adopted by DOD
• AS6081 (released December 2011)
• Similar to AS5553
• Prescriptive avoidance requirements for
  distributors
• AS6171 (in preparation)
• Intended to standardize test methods
• Covers a variety of tests
• Includes sampling plans
• ARP6178 (in preparation)
• Methods for risk assessment of distributors

9
Industry Mitigation Efforts

• Standards Organizations (continued)
• IDEA (Independent Distributors of Electronics
  Assoc.)
• IDEA-STD-1010B
• Visual inspection practices and requirements
• Includes acceptability criteria
• ISO (Europe)
• PC 246 and TC 247 committees established (2009)
  to develop standards related to combating fraud
• Coordinating with ANSI in USA
• iNEMI Consortium
• Develop and assess improved methods for data
  exchange, authentication and traceability
• Includes development of metrics to assess the
  problem and measure program(s) effectiveness/cost

10
Industry Mitigation Efforts

• Training Certification Programs
• IDEA
• Certification to IDEA quality standards
• Inspector training and certification based on
  1010B
• CTI CCAP Program
• Counterfeit components avoidance and
  certification program for Independent
  Distributors
• Training addresses detection and prevention of
  counterfeit components
• Seminars and Workshops from SMTA, CALCE, and
  other organizations

11
Government Initiatives

• International efforts to reduce supply
• Take-back laws
• Divert eWaste to reuse/recycle
• Varies by country/state
• Restrictions on eWaste disposal
• Regulated under the Basel Convention on Hazardous
  Waste (1992)
• Includes 170 member countries, USA not a member
• Regulated in USA under RCRA as Hazardous Waste
• Currently no provisions specific to eWaste
• Possible future updates
• Direct USA diplomatic initiatives

12
Government Initiatives

• Increased US Customs Scrutiny
• Congress hearings/proposed legislation
• National Defense Authorization Act (FY 12)
• Levin/McCain amendment provisions
• Requires DOD to define counterfeit part
• Increases counterfeiting penalties for DOD
  contracts
• Requires improved counterfeit avoidance
  methodology for DOD and its contractors
• Mandatory counterfeits reporting (when
  discovered) for military and DOD contractor
  personnel
• Contractors are responsible for remediation cost
  when counterfeits are discovered

13
Authentication Testing

• The second line of defense
• Non-Destructive (sampling or 100)
• Visual/Component data
• Radiographic (X-ray)
• X-ray Fluorescence (XRF)
• Electrical test
• DC
• Functional
• Destructive
• Reveals surface of Silicon chip
• Chemical Decapsulation or Mechanical Delid

14
Authentication Testing

• External Visual Inspection
• Inspect external packaging materials and labels
• Compare appearance and font/symbology with
  Golden part if available
• Inspect package for evidence of remarking
• Blacktopping
• Sanding scratches
• Discrepancies in surface texture

15
Authentication Testing

• External Visual Inspection
• Inspect Lead Condition
• Surface Appearance
• Straightness and Coplanarity
• Marking permanency test
• Mineral Spirits (JEDEC JESD22-B107C)
• MEK, Acetone, Alcohol also used
• Change in markings orsurface appearance/texture

16
Authentication Testing

• Check component information
• Consult Manufacturers Data Sheets
• OCMs data sheets/websites
• Distributors
• Other sources (e.g., prior inspections, customer
  data)
• Date/Lot Code histories
• Company histories
• SC OEMs
• Mergers, name changes, plant closings/relocations

17
Authentication Testing

• Radiographic Inspection
• Solder ball pattern
• Chip size/count
• Wire bond count/pitch
• Flip chip bump count/pitch
• No need to open package
• Possible radiation damage currently under
  evaluation by G19 Radiological Inspection SG

18
Authentication Testing

• XRF Testing
• Rapid semi-quantitative elemental analysis
• Typically used for
• RoHS compliance screening
• Verify Pb-free lead finish, or presence where
  required
• Ceramics analysis (typically caps)

19
Authentication Testing

• Electrical testing
• Broad range of tests depending on component type
  and level of risk
• DC testing (VOM, curve tracer) for discretes
• ICs/actives require specialized test equipment
  and programming
• Basic functional test vs full specification range

20
Authentication Testing

• Chemical Decapsulation
• Exposes surface of Silicon chip
• Used on epoxy packages
• Acid etching most common

21
Authentication Testing

• Mechanical Delidding
• Metal or ceramic packages
• Diamond saw or Dremel
• Lid pry-off

22
Some Concerns

• Increased direct and indirect costs
• Maintain process documentation/certifications
• Staffing/training
• Cost and time required for testing
• Authentication testing issues
• Availability of historical data date codes,
  etc.
• New remarking methods
• New Blacktop material resistant to test solvents
• Use of micro-sandblasting to remove original
  markings now under study by G19 SG
• Functional test challenges
• Test equipment/fixtures availability and support
• Availability of programming expertise

23
Some Concerns

• Legal
• Clear agreed definitions for counterfeit,
  fraudulent, suspect, etc.
• Clarify mandatory reporting requirements
• By whom and to whom?
• When required? includes suspect parts?
• Protection of customer/supplier confidentiality
• Define liabilities
• Parts falsely identified as non-conforming (alpha
  risk)
• Failure to identify counterfeits (beta risk)
• Responsibilities for consequences of
  incorporation of counterfeits into equipment
• Evaluate/maintain/demonstrate Due Diligence

24
Conclusions

• Counterfeits constitute a serious and growing
  threat for users of electronics
• Government and industry mitigation efforts are
  ongoing
• Procedural, communication, training, etc.
• Technical solutions
• Users and distributors must assess their risk and
  establish a comprehensive plan
• Challenge to balance risks vs. costs
• Counterfeit threats always evolving
• Authentication testing for suspect components
• Maintain awareness of legal requirements

25
Conclusions

• There is a flood of counterfeit microchips into
  the military, including in critical weapons
  systemsThe counterfeiters are utterly ruthless,
  nimble, and getting increasingly better at their
  copies.
• - Dr. James A. Hayward, Applied DNA Sciences
• No one practice or combination of practices
  will prevent counterfeit components from entering
  the supply chain, but every element of the supply
  chain must work together to solve the problem.
• - Dan DiMase, G19 Committee Chairman

26
Some References

• Defense Industrial Base AssessmentCounterfeit
  Electronics, report available at www.bis.doc.gov
• Best Practices in the Fight Against Global
  Counterfeiting,report available at www.ansi.org
• US Senate Passes Anti-Counterfeit Electronics
  Bill,article available at www.circuitsassembly.co
  m
• China Counterfeit Parts in U.S. Military Boeing,
  L3 Aircraft,article available at
  www.businessweek.com
• Counterfeit Parts Control Plan Implementation,pre
  sentation by Dan DiMase, available at
• http//supplychain.gsfc.nasa.gov/SC201020-20D.
  20Dimase-rev.pdf
• www.anticounterfeitingforum.org.uk, list of
  UK-based resources
• ERAI, IDEA, GIDEP websites
• LinkedIn anti-counterfeiting groups
• Missile Defense Agency Will Fight Parts Defects,
  article available at
• www.bloomberg.com/news/2011-12-29/u-s-missile-def
  ense-agency-to-crack-down-on-poor-quality.html

27
Thank You!Questions?
Stephen Schoppe sms_at_process-sciences.com
Glenn Robertson glennr_at_process-sciences.com