A new type of electronic counterfeit part has arrived in force into commercial and, probably, military supply chains. Cloned parts, of original manufacture and made to spec by apparently well-heeled counterfeiters, can pass industry-standard visual package inspection and most data sheet parameter electrical testing. This means that some industry standards, some not yet released, may be already, in important ways, out of date.
Tom Sharpe, vice president of SMT Corp., told this writer that his company has identified literally hundreds of such clones, representing an array of part numbers and classes, and sporting the marks of dozens of different manufacturers.
Sharpe delivered the keynote on this issue to this year's Center for Advanced Life Cycle Engineering (CALCE) Symposium on Counterfeit Materials, so he knows a thing or two about it. His company is now “almost wholly devoted” to identifying technologies and resources to combat clones.
However, despite these warnings, I think it's probable that, because we have heard a steady drumbeat of dire news about electronic counterfeits since about 2006, we may be inclined to discount this latest disclosure. That, in my view, would be a major-league mistake.
For the electronics supply chain, this is potentially a worst-case scenario. Its impact, unlike traditional counterfeits, extends far beyond obsolescent and end-of-life parts, since full-production components are being cloned. Add to that some seriously scary implications for cybersecurity, and we have quite a stew.
But let's move back to fundamentals for a moment. What we may call traditional counterfeits began as original component manufacturer (OCM) material, typically discarded, then harvested, reworked and remarked to misrepresent themselves as new components. Key point: their life began when made by legitimate component manufacturers.
Clones, on the other hand, are manufactured entirely or almost entirely by counterfeiters themselves. Component manufacturers play no role. These may be called advanced counterfeits. Since advanced counterfeits are manufactured to spec, the clones can “fly under the radar” as Sharpe puts it. Our carefully constructed matrix of anti-counterfeiting standards, procedures, and methodologies are designed to screen for traditional counterfeits, not these.
At the moment, it appears to be simpler parts that are being cloned, not complex components such as field programmable gate arrays (FPGAs), according to several sources. But what we have in our hands so far, is at the very tail end of the counterfeiters' pipeline. What has been recently released or is surely under development we do not know.
Let's play the innocent observer for a moment. So what? Don't we know already that counterfeiters are getting smarter, and making it increasingly harder to detect and avoid? And doesn't the solution remain the same: buy parts from authorized distributors?
It seems to me that what we are seeing is not an incremental change, but a qualitatively new one. While, so far as we know, detection methods and technologies are not yet in place for clones, we can bet that they will be expensive and resource-intensive. That will make the pace of their adoption slow, and probably narrow.
Because production components are being cloned, the market for advanced counterfeits is enormous, compared to traditional counterfeits, which ply the obsolescence and end-of-life spectrum.
While clones can pass traditional electrical testing and visual inspection, their quality, according to Sharpe, is markedly lower than legitimate parts. Their integrity under elevated temperatures, for example, is poor. But how else to undercut price?
With all that available real estate, clones must be a tempting platform for cyberattack exploits by bad actors or nation states.
Finally, yes, buying from authorized distributors whenever possible would greatly mitigate this risk. However, neither private nor public sectors seems the least bit ready to cease buying parts off the shelf altogether.
At the moment, it seems, we can monitor this risk, while watching for new detection technologies and standards to emerge, but we cannot mitigate it.