And why safe-haven regions might be the answer to preventing counterfeit intrusions.
The business of counterfeit components has flourished to fill the void of obsolete and hard-to-find parts. The black market has grown year to year, increasing counterfeit intrusions in devices in application. Extensive work has been done to search and destroy counterfeit components. Yet fake parts – especially advanced/clone-type devices – continue to escape detection and appear with increasing regularity in the electronics supply chain.
The business of counterfeiting is entering a new phase, which should raise an alarm on a much greater scale. Herein we look at the latest reports in the industry and what can be done to hold off an apocalyptic era in technologies.
The Past: Emergence
Counterfeit components came about by scavengers who salvaged used and discarded original component manufacturers’ (OCM) devices from scrap electronics waste (e-waste). The counterfeiters evolved by perfecting the art of cosmetically altering scrapped components to appear factory-new and unused. The most common counterfeit processes used to alter these earlier devices included applying the "epoxy-based" blacktop coatings, micro-blasting and flat-lapping, all three of which were initially identified by the labs at SMT Corp. Many of these parts came complete with counterfeit packaging and labels, fraudulent OCM Certificates of Conformance and, in some cases, bogus test results. Counterfeits entering the global supply chain created latent “field failure” situations that affect equipment as varied as transportation (aircraft, vehicles, boats), control boards (machinery, utilities, traffic controls), industry (automation, robotics, measurement devices), medical instrumentation (patient care, medical diagnostics, laboratory equipment) and so on. Failures in such devices pose risk of operation, including danger to human life.
In January 2015, as part of a series on how to contend with the growing epidemic, I suggested the US government take a direct leadership role in breaking the lethargic counterfeit solution trends found between OEM and EMS.1 The “inconvenient truth” is just that: aggressive counterfeit detection methods mired in apathy and indifference to avoid added costs to the bottom line. Some distributors in the US are enabling counterfeiters through their use of loose and, at times, undocumented tests for authenticity. In doing so, they are blurring the need to certify or authenticate components. The counterfeit industry is not a club exclusive to China.
Today: The Clone Wars
Over the last five years, advanced counterfeits (clones) have become the fastest growing counterfeit technology threat showing up in global supply chains.
Clone die are being manufactured both knowingly and unknowingly in wafer fab facilities largely in China and then packaged and sold as new products bearing the names of respected OCMs outside of China. Clone devices can look and test well initially, yet represent a high potential for premature catastrophic failure.2
Tom Sharpe, president of SMT Corp., an industry leader and innovator in advanced counterfeit detection, has been tracking the emergence of cloned devices for many years.2 “SMT has seen clones appearing in the global supply chain since 2012,” he says. “Unfortunately, the newer clones in SMT today are cosmetically and functionally better than those first detected five years ago – and there seems to be a lot more of them.”
When discussing clones, cybersecurity intrusions become a compounded subject of concern. Cloned ICs can be designed to imbed “phone home” capability designed to compromise confidential information and forward it electronically to data pirates. Confidential data at consumer, commercial or government databanks are all at major risk.
Cloned ICs can also be programmed to receive external instructions for the purpose to jam, turn off or provide false instructions to critical devices. Control signals to instruct functions of transportation, public utilities, industrial controls or military equipment can be corrupted with false instructions, causing lethal and catastrophic results.
Clones are now in the supply chain and cannot be overlooked by the electronics industry. There is no doubt clones will present a much different challenge, as clones not only compromise performance but violate cybersecurity.
The developing technologies to detect counterfeits can be described as a cat and mouse game. As counterfeiters become more sophisticated in counterfeiting techniques, counterfeit detection houses race to catch up. Clones do present a much more challenging task of detection.
Sharpe advises the leap to close the gap on early-detection technologies of advanced/clone counterfeits remain in high-gear. “Although the clone manufacturers had initially gone after the low-hanging fruit of the high-volume, lower-cost commercial parts market, SMT is beginning to detect much more expensive and complex device types – most of which are still in production today.” He further states, “This trend is extremely worrisome when you factor in malicious cyber intent at the nation state level, as opposed to profit-only intent at the black-market level.”
With highly publicized recent breaches in cybersecurity seemingly the norm, the consequences of a lack of attention to protect cybersecurity are front and center. A Sept. 15, 2017, article in CNN Money highlights the impact of a data breach into credit score firm Equifax. The following is an excerpt:
The Federal Trade Commission confirmed that it is opening an investigation into the data breach. Lawmakers have requested that the commission look at Equifax's security lapses and its poor handling of customer service after the breach was disclosed…. Scott Vernick, privacy and cybersecurity expert at Fox Rothschild, said, "I think these companies with large amounts of data are going to have to certify that they're meeting a certain level of security."
It is likely the measures taken to enhance Equifax’s cybersecurity will carry over to other industries. Will distributors, EMSs and OEMs be held to the standards being established in the Equifax case? Will participating companies in the distribution, EMS and OEM circle be held liable for data breaches? Cloud data are taking on a growing percent of data storage. With cloned ICs in data storage devices, the looming threat of cybersecurity breaches is immense.
The Future: Global Steps to Eliminate Clones
With clones now having the capability of violating cybersecurity, we have identified the next high-tech global crisis. This problem is not exclusive to the US or its close allies. This problem will impair every nation where confidentiality and integrity of information is prized. Given how the counterfeit detection industry has evolved, a mass effort to curtail clones will look no different from what we have today: a mashup of effective and ineffective counterfeit detection organizations. Without debate, the wide spectrum of detection organizations must be graded to separate the effective ones from the rest of the pack.
We cannot afford to wait for a universal process to weed out counterfeits, especially clones. Making matters worse, the overlay of OEMs, EMSs and open market distributors (unauthorized), coupled with the need to remain cost-competitive, means for many counterfeit detection is a cost-prohibitive ideology. However, the same energy of competition could be applied to create small regions: that is, regions where state-of-the-art anti-counterfeit detection and commercial processes are in action. These “safe-haven” regions could range from a standalone company to a city, a state or an entire nation.
In the US alone, several select counterfeit mitigation companies demonstrate the latest in counterfeiting techniques. These companies invest in R&D to keep up with counterfeiters’ evolving technologies. In collaboration with these select counterfeit detection organizations, an individual EMS (or region) will gain the necessary and ongoing processes to become a viable safe-haven EMS participant. The collaboration would be subject to individual relationships between the detection companies and the regions’ government or individual EMS entity(s).
As the number of clones increases and is linked to cybersecurity, safe-havens will attract OEMs commissioned to prevent possible catastrophic results. Where those OEMs have no tolerance for failure, they will elect to choose EMSs operating in safe-haven regions.
Safe-haven regions can be located anywhere: Cleveland, Manila, Johor Bahru, Dongguan, Brno, Reynosa, Vancouver and so on. They could be as specific as an industrial park – similar to a bonded warehouse – or as broad as a nation. OEMs will seek safe-haven options that are strategic to their product requirements and necessary logistics.
To offset added cost increases due to effective counterfeit detections, insurance companies could underwrite programs with safe-haven links. This could apply to EMS and OEM businesses. In addition, the governments of these Safe-Haven regions, whether local or national, can also lower the burden of costs through tax abatements. In all, the lure of new business to safe-havens will give notice to the industry that counterfeits can be arrested effectively. Participating EMSs will be promoted in a new competitive light, locally and globally, through the virtues of their services.
EMS companies, or regions, that struggle in obscurity under the label of “generic and ordinary options” will benefit by stepping up to the safe-haven podium. Safe-havens will attract new customers, new business platforms, new design opportunities and new markets to companies or places traditionally overlooked as non-preferred EMSs or areas. Successful safe-haven pilots will breed more of the same, establishing a new wave of counterfeit detection directives. With such trends in the industry, the initialization of an effective remedy, motivated by the spirit of business competition for the right reasons, will turn the tide against the counterfeit industry.