Just as fake news became a major concern during the U.S. presidential election, fake components have become a major headache for system companies in recent years. Design engineers spend countless hours creating products that provide optimal performance, but a simple mistake in component acquisition can do severe damage to the company’s reputation when bogus parts fail.
Counterfeiting is a major problem everywhere in electronics – even though the U.S. military has strict purchasing requirements, some government research estimated that 15% of spares and replacement products have some counterfeit components. In 2011, the president of the Semiconductor Industry Association told a Senate Armed Services Committee panel that “counterfeiting costs US-based semiconductor companies more than $7.5 billion per year.”
Most observers say that counterfeiters have upped their game since then, using better printing techniques on devices and making their companies and components look more legitimate. The battle to avoid the problems that come when phony parts ship in end products is becoming more intense, prompting many companies to ask engineers to do more to reduce the chances that fake parts will sneak in.
“The design engineer has a role in counterfeit protection by creating designs that are flexible and modular, especially around the products with short life cycles,” said Kevin Sink, vice president of total quality at TTI Inc., an electronic component distributor. “The more easily the part can be replaced when obsolescence looms, the better. Similarly, component engineers are worth their weight in gold. By knowing the market availability, they assist their companies in qualifying the most reliable, and available components. By not boxing a company in to a single, esoteric part number, they ensure the parts are available from authorized suppliers, avoiding many of the shortages of the future.”
One aspect of any plan to reduce vulnerability is to help those tasked with buying parts. Typically, most manufacturers avoid counterfeits by buying from reliable sources like authorized distributors and semiconductor manufacturers. But there are a number of reasons that drive acquisitions from other sources. Engineers can play a role in reducing the number of times these changes are required. During development, they can avoid rushing to get components needed for physical prototypes.
“One responsibility placed on engineers is to give the purchasing group time,” said Diganta Das, a researcher at the University of Maryland’s Center for Advanced Life Cycle Engineering. “If engineers say they need something tomorrow, purchasing may not have time to go to their usual suppliers, they may have to turn to someone who has not been fully vetted.”
Perhaps one of the most important steps for design engineers is to consider the product lifetimes of the components they’re specifying. That’s not a factor in many consumer parts, but long lifetimes make phase outs an important issue in industries like transportation and industrial equipment.
“Mitigation starts with design,” said Phil Zulueta, a consultant who spearheaded the creation of a Society of Automotive Engineers (SAE) standard on counterfeiting. “Typically, parts have obsolescence. In fields like aerospace and defense where product lifetimes are long and end users don’t want to change parts, designers need to keep up with the obsolescence problem. Part of mitigation is to be as current as possible when parts are designed in.”
It’s not only design engineers who join in the battle against fake components. Engineers in purchasing and manufacturing departments are also critical in watching incoming parts and resolving problems when phonies are detected. Often, their involvement speeds up mitigation efforts.
“When engineers take responsibility, we detect cases more quickly,” said Tina Åström, Director of Group Brand Protection at SKF. “They are more engaged in the overall performance of the machine.”
As awareness of the scope of counterfeiting rose, standards bodies stepped in to help companies establish policies for avoiding and detecting counterfeit components. IEEE created 1149.1-2013 Standard Test Access Port and Boundary Scan Architecture, which includes an Electronic Chip ID (ECID) register that includes the manufacturing location, silicon wafer number. The Independent Distributors of Electronics Association has stepped in, and the SAE has also created standards design to prevent counterfeiting. From the distribution side, a number of SAE standards address different aspects of ensuring product integrity.
“Most customers fall under the auspices of SAE AS5553 and following it will set up a customer for success,” Sink said. “To understand what other channel members do, it is important to understand their related standards. For example, AS6496 is for authorized distribution, AS6081 for independent distribution, and AS6071 for testing.”
Many programs address techniques that stop counterfeit parts before they are purchased, or before they get into the inventory queue for production. As criminals get better at their craft, it’s becoming harder to spot fakes. Simply looking at printing quality, body size and other factors no longer works. It’s often necessary to do some extensive testing, using a part that has been proven to be authentic.
“When you’re trying to find out whether a part is counterfeit, you need a known good part you can compare it against,” Das said. “If you can’t do that or get very detailed information on materials in the component, it’s impossible for even the best test lab to tell whether a part is counterfeit.”
If the challenge of spotting bogus hardware isn’t enough, it may become even more difficult to ensure that unauthenticated parts won’t create problems. Some bad actors are starting to ship semiconductors that hold unauthorized software. This problem is attracting the attention of those who attempt to root out problematic components.
“The insertion of malware in parts, either legitimate or counterfeit, is certainly a concern,” Sink said. “To date, this has largely been understood to be the result of spycraft, so it is hard to know the scope of this problem today. While it is understood to be the promulgated by state actors, with the recent ransomware events, it is likely that we will begin to see other actors do this in the future. For OEMs, programmers can protect their systems by providing some well encrypted way to test the safety of the programmable/programmed components in the system.”
Experts are already working to devise strategies and technologies that prevent the unwanted results that come with this type of forged component. Chipmakers are starting to insert code that quickly tells buyers that the part is trustworthy.
“This is a new field that is on the horizon,” said Robb Hammond, president of AERI, an electronic components distributor. “We have seen a few different platforms promoted stating that a component manufacturer could place some sort of indicator on the chip to authenticate it. If programmers can make that happen and create an easy way for it to be confirmed, we would have a much easier time confirming what is inside the device.”
Educating personnel is one of the most important aspects of any workplace program. Experts note that understanding the steps needed to thwart counterfeiters has to being at the top of the corporate hierarchy and extend down to those who help acquire components.
“Training is a part of the SAE standard, which notes that training shouldn’t be just for purchasing engineers,” Zulueta said. “Executives need to understand the problems caused by counterfeit parts. Once upper management is committed, they will create policies that filter down.”
Terry Costlow has written about technology since the days of the 6 Mbyte hard drive. He’s contributed regularly to EE Times, Automation World, Automotive Engineering International, and IEEE Spectrum, as well as consumer publications including The Christian Science Monitor, Los Angeles Magazine and the Portland Oregonian.