new type of electronic counterfeit part has arrived in force into
commercial and, probably, military supply chains. Cloned parts, of
original manufacture and made to spec by apparently well-heeled
counterfeiters, can pass industry-standard visual package inspection and
most data sheet parameter electrical testing. This means that some
industry standards, some not yet released, may be already, in important
ways, out of date.
Image courtesy: Pixabay
Tom Sharpe, vice president of SMT Corp.,
told this writer that his company has identified literally hundreds of
such clones, representing an array of part numbers and classes, and
sporting the marks of dozens of different manufacturers.
Sharpe delivered the keynote on this issue to this year's Center for Advanced Life Cycle Engineering
(CALCE) Symposium on Counterfeit Materials, so he knows a thing or two
about it. His company is now "almost wholly devoted" to identifying
technologies and resources to combat clones.
However, despite these warnings, I think it's probable that, because
we have heard a steady drumbeat of dire news about electronic
counterfeits since about 2006, we may be inclined to discount this
latest disclosure. That, in my view, would be a major-league mistake.
For the electronics supply chain, this is potentially a worst-case
scenario. Its impact, unlike traditional counterfeits, extends far
beyond obsolescent and end-of-life parts, since full-production
components are being cloned. Add to that some seriously scary
implications for cybersecurity, and we have quite a stew.
But let's move back to fundamentals for a moment. What we may call traditional counterfeits
began as original component manufacturer (OCM) material, typically
discarded, then harvested, reworked and remarked to misrepresent
themselves as new components. Key point: their life began when made by
legitimate component manufacturers.
Clones, on the other hand, are manufactured entirely or almost
entirely by counterfeiters themselves. Component manufacturers play no
role. These may be called advanced counterfeits. Since advanced
counterfeits are manufactured to spec, the clones can "fly under the
radar" as Sharpe puts it. Our carefully constructed matrix of
anti-counterfeiting standards, procedures, and methodologies are
designed to screen for traditional counterfeits, not these.
At the moment, it appears to be simpler parts that are being cloned,
not complex components such as field programmable gate arrays (FPGAs),
according to several sources. But what we have in our hands so far, is
at the very tail end of the counterfeiters' pipeline. What has been
recently released or is surely under development we do not know.
Let's play the innocent observer for a moment. So what?
Don't we know already that counterfeiters are getting smarter, and
making it increasingly harder to detect and avoid? And doesn't the
solution remain the same: buy parts from authorized distributors?
It seems to me that what we are seeing is not an incremental change,
but a qualitatively new one. While, so far as we know, detection methods
and technologies are not yet in place for clones, we can bet that they
will be expensive and resource-intensive. That will make the pace of
their adoption slow, and probably narrow.
Because production components are being cloned, the market for
advanced counterfeits is enormous, compared to traditional counterfeits,
which ply the obsolescence and end-of-life spectrum.
While clones can pass traditional electrical testing and visual
inspection, their quality, according to Sharpe, is markedly lower than
legitimate parts. Their integrity under elevated temperatures, for
example, is poor. But how else to undercut price?
With all that available real estate, clones must be a tempting platform for cyberattack exploits by bad actors or nation states.
Finally, yes, buying from authorized distributors whenever possible
would greatly mitigate this risk. However, neither private nor
public sectors seems the least bit ready to cease buying parts off the
At the moment, it seems, we can monitor this risk, while watching for
new detection technologies and standards to emerge, but we cannot