How to Become DFARS Compliant and Avoid Counterfeit Parts in the Aerospace and Defense Supply Chain
- Aerospace & Defense
A fighter jet suffers a critical system failure during flight. The guidance system in a defense battery fails to intercept incoming missiles. A naval ship at sea loses navigation abilities.
These types of nightmarish possibilities worry both defense contractors and the Department of Defense (DOD). If counterfeit electronic parts make it through the supply chain and into a mission-critical military asset, the potential for a worst-case scenario increases.
In 2014, Massachusetts resident Pierre Picone pleaded guilty to selling counterfeit integrated circuits (IC) to the U.S. Navy over the course of 5 years. The stakes could not have been higher—Picone knowingly supplied counterfeit parts for use in nuclear submarines.
According to the Department of Justice, he conspired with suppliers in China and Hong Kong to sell over 12,000 counterfeit ICs for millions of dollars. These counterfeits featured markings normally found on legitimate parts from “approximately 35 major electronics manufacturers, including Motorola, Xilinx, and National Semiconductor.”
After several recent investigations revealed the extent of counterfeit infiltration in the defense supply chain, Congress took action, modifying the rules for contractors concerning the detection and avoidance of counterfeit parts as part of the National Defense Authorization Act of 2012 (NDAA). Rules for contracting with the DOD are outlined in the Defense Federal Acquisition Regulation System (DFARS).
This article will examine the scale of the counterfeit parts problem and what’s changed in acquisition regulations to try to address it. We’ll also provide questions and strategies to help contractors improve systems and processes for combatting counterfeit electronic parts in the aerospace and defense supply chain.
The Origin of DFARS Compliance Requirements
Back in May 2012, after a year-long investigation, the Senate Armed Services Committee (SASC) released a report about electronics counterfeits in the defense supply chain. The investigation unearthed 1,800 cases of “bogus parts” with a total number of suspect counterfeit parts exceeding 1 million. The SASC “discovered counterfeit electronic parts from China in the Air Force’s largest cargo plane, in assemblies intended for Special Operations helicopters, and in a Navy surveillance plane.”
Based on its findings, the SASC formed eight conclusions, including:
- Most counterfeit electronic parts in the defense supply chain are sourced from China.
- Permitting contractors to recover costs as a result of their own failure to detect counterfeits was counterproductive to DOD’s goals.
- The defense industry routinely failed to report cases of suspect counterfeit parts.
- The defense industry’s “reliance on unvetted independent distributors” results in risks to national security and military personnel.
Richard Meene, Director, PriceWaterhouseCoopers Advisory Forensic Services, Government Contracts Practice, sees the magnitude of the counterfeit electronic parts problem as “huge” for several reasons:
“First, the amount of electronic counterfeit parts in the supply chain is estimated to be significant. Second, the economic effect of counterfeit parts proliferation artificially lowers prices and puts strain on businesses that supply electronic components to the government. Finally, the risk of loss due to the inclusion of a nonconforming part in critical defense infrastructure is major; just think of counterfeit components being included in the navigation system of a military fighter jet, or in the guidance and control system of a missile.”
Understanding DFARS Compliance
Key DFARS clauses related to supply chain security and counterfeit parts avoidance include DFARS 252.246-7007 and DFARS 252.246-7008.
According to DFARS 252.246-7007, the definition of a counterfeit electronic part is:
“An unlawful or unauthorized reproduction, substitution, or alteration that has been knowingly mismarked, misidentified, or otherwise misrepresented to be an authentic, unmodified electronic part from the original manufacturer, or a source with the express written authority of the original manufacturer or current design activity, including an authorized aftermarket manufacturer. Unlawful or unauthorized substitution includes used electronic parts represented as new, or the false identification of grade, serial number, lot number, date code, or performance characteristics.”
While a suspect counterfeit electronic part is:
“An electronic part for which credible evidence (including, but not limited to, visual inspection or testing) provides reasonable doubt that the electronic part is authentic.”
DFARS Final Rule on Counterfeit Parts
Congress responded to the counterfeit parts problem through a new rule in Section 818 of the NDAA. After public review and discussion, the final rule was published in May 2014 and can be found at DFARS 252.246-7007.
Compliance with this regulation requires all prime contractors (those subject to Cost Accounting Standards (CAS)) to establish an “acceptable counterfeit electronic part detection and avoidance system.” This requirement also flows down to subcontractors supplying electronic parts to prime contractors, including commercial off-the-shelf (COTS) parts, as well as any other components, parts, or assemblies.
The full requirements of such a system can be found in DFARS 252.246-7007. Among other things, each system must have processes in place to:
- Train personnel
- Inspect and test electronic parts
- Trace parts through the supply chain and use unique identifiers
- Quarantine counterfeit and suspect parts
- Report counterfeit or suspect electronic parts appropriately
- Use the best choices for suppliers
- Stay informed of industry reports and current counterfeiting trends
Another big change for contractors focuses on the issue of financial liability if a counterfeit electronic part causes a failure of a delivered product.
In the past, the cost of fixing a problem due to a counterfeit part could usually be passed to the government.
Now, if the government finds that the contractor failed to establish an adequate detection and avoidance system, the contractor may be liable for these costs. While replacing a microchip would not cost much, if it caused the failure of a large military asset, the associated costs could be staggering.
How Counterfeit Electronic Parts Enter Supply Chains
Counterfeit electronic parts can be outright non-functional fakes, mismarked new parts that are sold as more expensive or higher quality parts, or the result of design theft and unauthorized part manufacturing.
The aerospace and defense industries use only a small fraction of the semiconductors produced globally, so most counterfeit electronic parts are intended for the consumer or business-to-business markets.
Common ways counterfeits get into the supply chain include:
Often, counterfeiters will harvest circuit boards from discarded electronic devices. Counterfeiters then remove the tiny integrated circuits (ICs) or microchips from the circuit boards (often by banging them), sand or chemically strip off the manufacturer’s markings, clean the chips (often in a dirty river), then dry and apply fresh markings with new part numbers.
With the correct part numbers and manufacturer’s markings, these counterfeits can be surprisingly difficult to identify and catch.
Sometimes the price may seem too good to be true. But usually, only testing will reveal counterfeits. And unfortunately, counterfeits sometimes pass the initial tests.
Intellectual Property Theft
Another way counterfeit electronic parts can enter the supply chain is through the theft and subsequent modification of the original manufacturer’s intellectual property. The design or manufacturing process may be modified to produce the parts more cheaply and increase profit for a sophisticated counterfeiter who is fabricating ICs.
While these parts may function, they aren’t built to baseline specifications and could be more prone to fail under real-world conditions. The only way to know with absolute certainty what is inside a chip is to break it open and have a computer optically compare its contents with the original design using high-power microscopes.
The cost of this testing may approach the cost of the original R&D to design the chip and would rarely be pursued outside of high-stakes legal cases concerning intellectual property.
Suppliers May Unwittingly Stock Counterfeits
Experts frequently caution contractors to validate supply chains up front. Become familiar with your suppliers and your suppliers’ suppliers. Many counterfeit electronics leak into the supply chain through unknown groups without the supplier’s knowledge. Suppliers and distributors may be carrying counterfeit parts without realizing it.
A prior report by the Bureau of Industry and Security (BIS) reinforced this supply chain weakness. The report noted that the industry has generally regarded authorized distributors as safe and unauthorized distributors as risky, however, “OTE survey data shows that these preconceptions confuse the true nature of the counterfeiting problem. Many authorized distributors assume the parts they acquire directly from OCMs are legitimate and do not require testing. However, survey data shows that some authorized distributors also assume parts purchased outside of their OCM agreements are legitimate and do not require careful screening. This practice, combined with buying back excess inventory from customers, has introduced counterfeits into the inventories of authorized distributors.”
8 Supply Chain Factors Contractors Should Consider
Defense and Aerospace contractors have a particularly difficult situation with counterfeit electronic parts because it often takes a long time to source and receive the specialized parts for these types of projects. Contractors urgently need a good process in place for researching new suppliers and an airtight purchasing system.
Experts warn that the market is flooded with counterfeit parts and that contractors may not know until the counterfeits reach quality control. At that point, however, it’s too late. For instance, if an ordered part has a 6-month lead time, a manufacturer may have to wait another 6 months for a genuine part if the first was counterfeit.
To help contractors strengthen systems and processes that prevent counterfeit electronic parts, consider the following questions:
- Does your supplier have proper procedures in place to prevent counterfeit parts from getting into its supply chain?
- How confident are you that your distributors follow proper procedures in acquiring the parts they deliver to you?
- Is your internal quality control team trained to spot counterfeit parts before they are received into your inventory?
- Does your inventory system have the capability to “quarantine” or isolate suspected counterfeit parts?
- Does your procurement system allow you to place vendors on hold while you investigate suspected counterfeit parts? Can it apply sanctions to vendors who have supplied counterfeits?
- When you’re validating or approving a new vendor, what do you expect that vendor to produce for you (certifications, documentation) to ensure the vendor won’t supply you with counterfeit parts?
- Do your inventory systems include the ability to perform full tracking and traceability back to the original purchase, supplier, and manufacturer information?
- If your processes do identify bad quality or counterfeit parts, what steps are taken to remove these parts from your inventory immediately? In the longer term, how will you keep those parts out of your supply chain?
Tips for Avoiding Counterfeit Parts in the Supply Chain
Defense and aerospace contractors need to implement process improvements to avoid, detect, and trace counterfeit parts in the supply chain. The following mitigation strategies tie into specific DFARS system requirements.
In addition to reviewing processes, contractors may need to strengthen aspects of their purchasing, inventory control, and other IT systems in order to be confident of their compliance with DFARS.
Order from Original Manufacturers or Authored Partners
According to a report released by the Aerospace Industries Association (AIA), the DOD recommends purchasing electronic parts from original manufacturers or “sources with the express written authority of the original manufacturer or current design activity, including an authorized aftermarket manufacturer or suppliers that obtain parts exclusively from one or more of these sources.”
Although purchasing electronic parts from the original manufacturer is the safest way to avoid counterfeits, there are many instances when contractors cannot source parts in this manner.
Most military aircraft have a service life of more than 40 years. During that time, the computers used to support the aircraft will change 9 or more times, and its software will change at least 3 times.
The AIA, therefore, concludes that:
“Supporting aerospace and defense products throughout their lifecycle sometimes requires the use of parts that may no longer be available from the Original Component Manufacturer (OCM), original equipment manufacturer (OEM), authorized aftermarket manufacturer or through franchised or authorized distributors or resellers.”
PWC pointed out that although the government wants to reduce costs, parts sourced through OEMs usually come with a premium price tag. And as platforms mature, OEMs often stop producing parts.
Contractors must then rely on after-market parts manufactured by another company or surplus original parts. Both types are sold primarily on the riskier gray market. Maintaining a sufficient stock of clean inventory from a trusted source will be important.
Research New Suppliers Carefully
PWC also advises contractors to determine the depth and breadth of their new vendor research based on the amount of business risk that may be incurred.
For example, in the purchase of a small quantity of parts for non-critical systems from a new supplier, simple open-source research to determine if the supplier is a legitimate company with proper licensing and a physical location may be sufficient.
When the stakes are higher, due diligence should align with perceived business risk. For highly sensitive projects, research might include a site visit to look for signs of counterfeiting operations, reviews of the supplier’s purchasing and counterfeit detection systems, and deeper background on the officers and owners.
Toughen Up Terms and Conditions for Purchasing
Contractors require a solid purchasing system, and DCMA routinely conducts Contract Purchasing System Review audits to ensure purchasing process integrity.
With the new DFARS rule for counterfeit detection and avoidance, contractors need to employ tougher, more explicit terms and conditions in their purchase orders (PO) to suppliers. For example, contractors can specify they’ll only accept certain brands of parts obtained from original manufacturers.
Terms and conditions should also require suppliers to maintain their own adequate counterfeit electronic part detection and avoidance systems in compliance with the DFARS rule.
Tighten Quality Control and Testing
An important part of the detection and avoidance system involves preventing counterfeits from making it into inventory by catching them at receiving. Contractors may need more robust quality control and testing procedures for electronic parts.
First, it may be necessary to have an inventory system with the ability to put parts “on hold” during receiving until the parts can pass quality checks. This way, untested parts can’t mistakenly get into production.
It’s also helpful to be able to isolate any suspected counterfeits in the inventory system while waiting for a supplier remedy.
Parts should be visually inspected for obvious signs of counterfeiting, including sanding marks, polymer fillers, bent leads, and markings or artwork that don’t match the manufacturer’s product sheet.
Inventory testing plans, like new supplier research, should be based on the level of perceived business risk. When a contractor receives parts directly from an OEM, a limited testing protocol may be appropriate.
For riskier supply situations, testing should be more extensive. It could include performance testing, and perhaps x-ray examination against specifications or even destructive testing that consumes a sample of the parts.
Trust, But Verify (Audit Suppliers Over Time)
Sometimes a contractor must use a supplier who is not an original manufacturer or an authorized sales partner. After doing research and establishing a business relationship, contractors should also have a system in place to monitor performance over time, making certain that the supplier does not switch to a less reliable part or a counterfeit part after making initial deliveries of legitimate parts.
Report Suspected Counterfeits Promptly
Contractors should ensure they have an internal process in place for reporting suspected counterfeits to the Contracting Officer and to the Government-Industry Data Exchange Program (GIDEP), as required by DFARS.
Personnel should be trained on the proper way to report, and there should also be a process for getting the purchasing team involved in order to pursue remedies with the parts supplier.
Enhance Traceability with Automated Data Collection
Supply chain process and technology improvements must address the core issue of traceability. Under the new DFARS rule, contractors must put in place “processes for maintaining electronic part traceability (e.g., item unique identification) that enable tracking of the supply chain back to the original manufacturer, whether the electronic parts are supplied as discrete electronic parts or are contained in assemblies.”
Traceability is therefore a reality for contractors to be compliant on defense projects. This involves tracking through the product genealogy or as-built configuration, which goes down to the level of serial and lot information.
Contractors end up with 3 different custom bills of materials:
Each must have traceability to go with it. If counterfeits do slip into a finished product and it comes down to penalties, contractors risk losing their contract, if nothing else. That could mean going out of business.
The DOD leaves contractors with the flexibility to decide what system to use for traceability.
In analyzing the DFARS requirements, legal firm Crowell Morning noted:
“The contractor’s processes must, however, include certification and traceability documentation; clear identification of the name and location of supply chain intermediaries from the manufacturer to the direct source of the product for the seller; and, where available, the manufacturer’s batch identification for the electronic parts, such as date codes, lot codes, or serial numbers.”
Covington & Burling, LLP further cautioned:
“Although there is no mandated traceability technology, the preamble to the final rule notes that ‘with regard to mission-critical electronic parts that could impact human safety, DOD does have a zero-tolerance policy.’ The rule does not define what qualifies as an ‘impact on human safety’ or what consequences may be imposed for failure to meet that standard.”
Benefits of Automating Parts Traceability
At many companies, traceability is a manual, paper-based process. At best, information is stored on a spreadsheet or isolated database.
If a counterfeit part is discovered coming into inventory, a contractor needs to respond quickly—isolating that part and any others like it. However, tracking counterfeit parts through a paper trail is usually a slow and tedious process.
An automated data collection solution reduces manual errors and speeds up traceability. Using barcoding or RFID and mobile handheld scanners, employees can track and trace inventory as it moves into and through the supply chain. With an integrated automated data collection solution, information in a contractor’s ERP system can be updated in real-time during receiving, testing, internal transfers, manufacturing, and order fulfillment.
For example, as a shipment of ICs is received from a supplier, employees use handheld barcode scanners to instantly capture date information and lot and serial numbers, before passing the parts on for identification, verification, and testing. If an electronic part is suspected to be counterfeit, employees can quickly isolate that inventory with another scan to capture data.
On the other hand, if an IC is accepted into inventory, traceability information will follow it through each stage of production, as it gets added to components and part assemblies and finally becomes part of a finished and delivered product.
Mobile data collection results in greater efficiency and visibility in the warehouse, storeroom, shop floor, plant, or even out in the field or shipyard.
Automated data collection increases accuracy dramatically over processes requiring manual work.
If a contractor needs to respond to an audit, automated data collection can trace items in minutes that might take hours or days to track down by paper invoices and purchase orders.
To fully automate the traceability process, it’s important to select a mobile data collection solution with approved integration to existing ERP, inventory control, and/or purchasing systems.
Explore traceability success stories for the aerospace & defense supply chain.READ NOW »
The Bottom Line on Counterfeit Risks
When lives are at stake and national security may depend upon the quality of a work product, there’s no place for counterfeit, substandard parts. The final rule published at DFARS 252.246-7007 mandates that prime contractors and their subcontractors must establish a system for the detection and avoidance of counterfeit electronic parts. The DOD and contractors are working together to eradicate counterfeit electronic parts from the defense and aerospace supply chain.
Implementing strategies suggested by the DOD and supply chain experts for minimizing risks is the best path forward, including establishing an airtight system for tracing parts all the way back to the original manufacturer.
As with other highly regulated industries that impact human safety, defense contractors can benefit from a mobile data collection solution to enhance tracking and traceability of parts in the supply chain. A mobile data collection solution can provide the ability to automate traceability throughout the supply chain, rapidly identify and report suspected counterfeit parts, and comply quickly with traceability audits.