U.S. Navy Enhances Counterfeit Risk Mitigation for Weapon Systems in New Guidebook
In June, the U.S. Department of the Navy released the "Counterfeit Materiel Process Guidebook, Guidelines for Mitigating the Risk of Counterfeit Materiel in the Supply Chain". As stated within, the purpose of the guidebook "is to equip DON activities with a practical tool for implementing a risk-based counterfeit materiel prevention program and provide implementing guidance to address the requirements delineated in the DON policy."i
Given the often-cited statistic provided in the Senate's 2012 "Inquiry Into Counterfeit Electronic Parts in the Department of Defense Supply Chain" of over 1 million suspect counterfeit parts existing in the military supply chainii, the Department of the Navy's (DON) concern is not unwarranted. During this year alone, the Navy has experienced four collisions, one resulting in the death of 10 sailors aboard the USS McCain, prompting some news outlets to speculate on the possibility of at least one of these events as a cyber-attack against the military. While to date no evidence has been provided to support the claim, naval investigators are reportedly looking at cybersecurity in their investigations into the USS McCain incidentiii as the risks to weapon systems remain a valid threat regardless of the results of the probe. Of note, within the definition of counterfeit materiel in the Guidebook, a specific example of "Materiel containing additional features or capabilities not intended by the OM* (e.g., added malicious functions, modified firmware, etc.)" has been included. *Editor's note – OM is defined as Original Manufacturer throughout the Guidebook.
The Guidebook provides a risk-based approach for the acquisition of electronic parts, mechanical parts and other materiel through seven different categories: Part I, Assessing Counterfeit Materiel Risk; Part II, Supplier Selection and Procurement; Part III, Documentation; Part IV, Contracting; Part V, Detection; Part VI, Containment, Disposition, and Reporting and Part VII, Contractor Assessment. By culling various industry standards and other resources, the DON has created a compendious plan which provides best-practices and implementation strategies from leading industry resources.
Risk assessment is performed by a risk assessment matrix factoring in supplier type and materiel criticality, addressing the likelihood of encountering a counterfeit part through factors such as obsolescence, lead times, versions, and item type (e.g., "integrated circuits are currently the most commonly counterfeited item."), and analysis of the severity of the impact based upon criticality of the materiel and strategic value.
As is prevalent in industry standards, the Guidebook stresses the purchase of material directly from the original manufacturer or authorized suppliers whenever possible, though the document does recognize obsolescence as a "justifiable reason" for sourcing materiel from an unauthorized supplier, despite the greater risk of encountering a counterfeit part. For purchasing from unauthorized sources, annual maintenance of a tiered Approved Supplier List, on-site assessments, review of the unauthorized suppliers' Approved Supplier List with differentiation between authorized and unauthorized suppliers, review of GIDEP and other peer databases for unresolved quality issues, trade references, verification of QMS certifications and insurance and warranty, past history and banking information are recommended. Appendix J provides a contractor compliance audit checklist, a tool developed by the Missile Defense Agency to assess an organization's counterfeit mitigation processes. Of additional note is DON's recommended usage of preferential supplier types (e.g. small businesses, veteran-owned, HUB, etc.) only for non-critical and low risk materiel.
For the detection of suspect counterfeit materiel, once again, a risk-based method should be used to determine the necessary detection protocols. For all materiel, regardless of the supplier, basic incoming and visual inspection techniques are called for; however, for high risk materiel, a suggested authentication process flow is provided in Appendix E. For electronic parts, an acknowledgement that functional testing may not be sufficient to determine whether or not the product is authentic should be included as counterfeit parts may pass functional testing. DFARS clause 246.870 calls for the use of industry standards to guide DON through inspection and tests for the authentication of material; specifically, the Guidebook cites SAE AS6081’s guidance as the preferred standard. Of note, the Guidebook addresses stockroom material that has not undergone authentication and notes that authentication should be performed on this material. To assist with a counterfeit determination, Appendices F and H contain lists of indicators along with a minor, moderate or major categorization. By using these categorizations, a threshold for reporting is reached if: one major indicator and one moderate indicator are found; or if three or more moderate indicators are found; or if two or more moderate indicators and two or more minor indicators are found.
Once materiel is classified as suspect counterfeit, the Guidebook, similar to industry standards, calls for the containment, disposition and reporting of the materiel. One difference in the Guidebook when compared to industry standards is that the guidelines state that the supplier should not be contacted regarding the suspect counterfeit material. Of note, Figure 7, Disposition Decision Tree, points to the consideration of use of suspect counterfeit materiel in assemblies under certain conditions.
It is evident that the DON has endeavored to provide practical guidelines for the implementation of a counterfeit mitigation program. Through the use of this Guidebook, a clearer understanding of the process should provide DON staff a valuable tool for the avoidance, detection and disposition of counterfeit materiel. This resource is also useful for any organization, especially those in the medical, nuclear, aerospace and defense-related high reliability sectors, for the development or update of a counterfeit avoidance plan. The document is publically available to all organizations and non-government entities at:
DON Counterfeit Materiel Process Guidebook.pdf
iDON Counterfeit Materiel Process Guidebook.pdf
iiSenate Counterfeit Report
iiUS Navy Cyberattack Investigation
SEE MORE BLOG ENTRIES