Counterfeits Inspection

advertisement
Evolving Counterfeit Component
Threats and Industry Mitigation Efforts
Stephen Schoppe
Glenn Robertson
Process Sciences, Inc.
Leander, Texas
512.259.7070
www.process-sciences.com
Introduction


A growing problem in all industry sectors
Openings for counterfeiting
• High price components
• High demand/scarcity
• Obsolete/out of production

Potential for introducing malicious code
• Sabotage – immediate or future
• Potential espionage
Introduction

How do counterfeits enter the supply chain?
• Often starts with remarking of reclaim/eWaste






•
•
•
•
Refurbished used part represented as new
Altered date code
Consumer grade marked as mil
Upgrade to later/preferred/scarce part type
Low-grade passives marked as precision value
(low tolerance) type
Completely different part
Manufacturing defects diverted from scrap bin
Surplus production from OEM (“4th shift”)
Acquisitions/Purchase of surplus inventories
Return of mixed inventories to distributor
Mitigation Strategies - Users


Essential to establish Due Diligence
Establish supply chain policies
•
•
•
•
Evaluate risks from “lowest bidder”
Use authorized distributors where possible
Write purchase contract carefully
Supplier Qualification






History with reporting organizations - BBB, D&B, etc.
Google search, including street view of address
Memberships – ERAI, GIDEP, IDEA etc.
Certifications - ISO, IDEA-1010, CCAP-101, etc.
Quality systems for receiving inspection, ESD, etc.
Onsite audit if possible
Mitigation Strategies - Users



Access to industry database(s)
Decision process for authentication testing
and quarantine/reporting of suspect parts
Disposition
• Don’t just return to distributor inventory
• Destroy & verify?

Staff training/qualification
Mitigation Strategies - Distributors

Anti-Counterfeit Policies
•
•
•
•


Increased scrutiny of sources
Awareness of evolving counterfeiting methods
Use of industry resources – ERAI, GIDEP, IDEA
Establish incoming inspection procedures
Authentication testing – in house or
outsource
Staff training/qualification
Industry Mitigation Efforts

Counterfeits Databases
• Searchable databases of suspect components


Information from reports submitted online
Only members can access, anyone can submit report
• GIDEP (www.gidep.org)

Operated by US Government, established 1959
• ERAI (www.erai.com)


Privately held reporting and investigation service
Escrow and dispute resolution services
• IDEA (www.idofea.org)


Privately held association
Maintains extensive Membership Code of Ethics
Industry Mitigation Efforts

Standards Organizations
• SAE G19 Committee
“chartered to address aspects of preventing, detecting, responding to
and counteracting the threat of counterfeit electronic components”

AS5553 (released 2009, rev A in progress)
• Counterfeit avoidance requirements for OEMs and CMs
• Adopted by DOD

AS6081 (released December 2011)
• Similar to AS5553
• Prescriptive avoidance requirements for distributors

AS6171 (in preparation)
• Intended to standardize test methods
• Covers a variety of tests
• Includes sampling plans

ARP6178 (in preparation)
• Methods for risk assessment of distributors
Industry Mitigation Efforts

Standards Organizations (continued)
• IDEA (Independent Distributors of Electronics Assoc.)



IDEA-STD-1010B
Visual inspection practices and requirements
Includes acceptability criteria
• ISO (Europe)


PC 246 and TC 247 committees established (2009) to
develop standards related to combating fraud
Coordinating with ANSI in USA
• iNEMI Consortium


Develop and assess improved methods for data
exchange, authentication and traceability
Includes development of metrics to assess the
problem and measure program(s) effectiveness/cost
Industry Mitigation Efforts

Training & Certification Programs
• IDEA


Certification to IDEA quality standards
Inspector training and certification based on 1010B
• CTI CCAP Program


Counterfeit components avoidance and certification
program for Independent Distributors
Training addresses detection and prevention of
counterfeit components
• Seminars and Workshops from SMTA, CALCE,
and other organizations
Government Initiatives

International efforts to reduce supply
• Take-back laws


Divert eWaste to reuse/recycle
Varies by country/state
• Restrictions on eWaste disposal



Regulated under the Basel Convention on Hazardous
Waste (1992)
Includes 170 member countries, USA not a member
Regulated in USA under RCRA as “Hazardous Waste”
• Currently no provisions specific to eWaste
• Possible future updates
• Direct USA diplomatic initiatives
Government Initiatives



Increased US Customs Scrutiny
Congress hearings/proposed legislation
National Defense Authorization Act (FY ’12)
• Levin/McCain amendment provisions





Requires DOD to define “counterfeit part”
Increases counterfeiting penalties for DOD contracts
Requires improved counterfeit avoidance methodology
for DOD and its contractors
Mandatory counterfeits reporting (when discovered)
for military and DOD contractor personnel
Contractors are responsible for remediation cost when
counterfeits are discovered
Authentication Testing


The second line of defense
Non-Destructive (sampling or 100%)
•
•
•
•
Visual/Component data
Radiographic (X-ray)
X-ray Fluorescence (XRF)
Electrical test



DC
Functional
Destructive
• Reveals surface of Silicon chip
• Chemical Decapsulation or Mechanical Delid
Authentication Testing

External Visual Inspection
• Inspect external packaging materials and labels
• Compare appearance and font/symbology with
“Golden” part if available
• Inspect package for evidence of remarking:



Blacktopping
Sanding scratches
Discrepancies in surface texture
Authentication Testing

External Visual Inspection
• Inspect Lead Condition


Surface Appearance
Straightness and Coplanarity
• Marking permanency test



Mineral Spirits (JEDEC JESD22-B107C)
MEK, Acetone, Alcohol also used
Change in markings or
surface appearance/texture
Authentication Testing

Check component information
• Consult Manufacturers’ Data Sheets



OCMs data sheets/websites
Distributors
Other sources (e.g., prior inspections, customer data)
• Date/Lot Code histories
• Company histories


SC OEMs
Mergers, name changes, plant closings/relocations
Authentication Testing

Radiographic Inspection
•
•
•
•
•
•
Solder ball pattern
Chip size/count
Wire bond count/pitch
Flip chip bump count/pitch
No need to open package
Possible radiation damage – currently under
evaluation by G19 Radiological Inspection SG
Authentication Testing

XRF Testing
• Rapid semi-quantitative elemental analysis
• Typically used for:



RoHS compliance screening
Verify Pb-free lead finish, or presence where required
Ceramics analysis (typically caps)
Authentication Testing

Electrical testing
• Broad range of tests depending on component
type and level of risk
• DC testing (VOM, curve tracer) for discretes
• ICs/actives require specialized test equipment
and programming
• Basic functional test vs full specification range
Authentication Testing

Chemical Decapsulation
• Exposes surface of Silicon chip
• Used on epoxy packages
• Acid etching most common
Authentication Testing

Mechanical Delidding
• Metal or ceramic packages
• Diamond saw or Dremel
• Lid pry-off
Some Concerns

Increased direct and indirect costs
• Maintain process documentation/certifications
• Staffing/training
• Cost and time required for testing

Authentication testing issues
• Availability of historical data – date codes, etc.
• New remarking methods


New Blacktop material resistant to test solvents
Use of micro-sandblasting to remove original
markings – now under study by G19 SG
• Functional test challenges


Test equipment/fixtures availability and support
Availability of programming expertise
Some Concerns

Legal
• Clear agreed definitions for “counterfeit,”
“fraudulent,” “suspect,” etc.
• Clarify mandatory reporting requirements



By whom and to whom?
When required? – includes “suspect” parts?
Protection of customer/supplier confidentiality
• Define liabilities



Parts falsely identified as non-conforming (alpha risk)
Failure to identify counterfeits (beta risk)
Responsibilities for consequences of incorporation of
counterfeits into equipment
• Evaluate/maintain/demonstrate “Due Diligence”
Conclusions


Counterfeits constitute a serious and
growing threat for users of electronics
Government and industry mitigation
efforts are ongoing
• Procedural, communication, training, etc.
• Technical solutions

Users and distributors must assess their
risk and establish a comprehensive plan
•
•
•
•
Challenge to balance risks vs. costs
Counterfeit threats always evolving
Authentication testing for suspect components
Maintain awareness of legal requirements
Conclusions
“There is a flood of counterfeit microchips into the
military, including in critical weapons systems…
The counterfeiters are utterly ruthless, nimble,
and getting increasingly better at their copies.”
-
Dr. James A. Hayward, Applied DNA Sciences
“No one practice or combination of practices will
prevent counterfeit components from entering the
supply chain, but every element of the supply
chain must work together to solve the problem.”
-
Dan DiMase, G19 Committee Chairman
Some References





Defense Industrial Base Assessment:Counterfeit Electronics, report
available at www.bis.doc.gov
Best Practices in the Fight Against Global Counterfeiting,
report available at www.ansi.org
US Senate Passes Anti-Counterfeit Electronics Bill,
article available at www.circuitsassembly.com
China Counterfeit Parts in U.S. Military Boeing, L3 Aircraft,
article available at www.businessweek.com
Counterfeit Parts Control Plan Implementation,
presentation by Dan DiMase, available at
http://supplychain.gsfc.nasa.gov/SC2010%20-%20D.%20Dimase-rev.pdf




www.anticounterfeitingforum.org.uk, list of UK-based resources
ERAI, IDEA, GIDEP websites
LinkedIn anti-counterfeiting groups
Missile Defense Agency Will Fight Parts Defects, article available at
www.bloomberg.com/news/2011-12-29/u-s-missile-defense-agency-tocrack-down-on-poor-quality.html
Thank You!
Questions…?
Stephen Schoppe
sms@process-sciences.com
Glenn Robertson
glennr@process-sciences.com
Download