enterprisesecuritymag

Are there counterfeits in your supply chain?

By Jennifer Jensen, Vice President, National Security and Space Programs at Draper

Jennifer Jensen, Vice President, National Security and Space Programs at Draper

Today’s enterprises are under attack from a threat which lies hidden to their IT and security systems. Substandard and counterfeit electronics are making their way into many enterprises through an unprotected supply chain.

The problem hasn’t escaped the attention of some of the biggest buyers of technology. In May, the president issued an executive order to secure the communications services and technology supply chain. The U.S. Department of Defense stepped up its own scrutiny of suppliers in issuing its Counterfeit Electronic Part Detection and Avoidance System in 2016. Among the biggest efforts is underway at Amazon, which launched Project Zero to find and remove suspected counterfeits in its supply chain.

So the supply chain has become a major source of concern, but that does not mean businesses and government agencies are powerless. The constant threat means they need a consistent approach to securing components and the routes they take from manufacturer to customer.

"The only way to control counterfeiting is to leverage secure technology that can provide a guarantee of provenance over all electronic components"

An instructive example is being set by the U.S. Department of Defense. The DOD has funded programs aimed at improving supply chain hardware integrity for electronics defense and for strengthening hardware security at the microarchitecture level.

Draper has developed technology for both efforts. What we learned is that the electronics system supply chain is vulnerable to being tainted with substandard, counterfeit and tampered electronics. We also determined that current efforts to protect technology largely rely on software, which can be inadequate if it fails to address the underlying hardware vulnerabilities.

Detecting counterfeit or compromised components isn’t easy. An investigation by the Senate Armed Services Committee revealed wide disparities in testing used by companies in the defense supply chain to uncover counterfeits. Some use solvents; others delidded part samples to examine the die. The Committee found these measures and many others to be inadequate.

The problem of counterfeits in the supply chain is more widespread than most people think.

The OECD puts the value of imported fake goods worldwide based on 2016 customs seizure data at $509 billion, up from $461 billion in 2013.The aerospace and defense industries are concerned about counterfeit parts, but so are pharmaceutical and technology companies along with big brand name consumer products.

The natural question for enterprises just beginning to assess their vulnerabilities is, where do I start?

Make sure all supply chain links are verified and overseen regularly—take nothing for granted. Know your supply chains from start to finish and verify and monitor every step.

Look for tools for authenticating components in the supply chain. Draper developed such a tool in the form of a dielet that features a built-in encryption engine and sensors to detect tampering, and that can affix to electronic components such as microchips. The component can be authenticated without disrupting or harming the system into which they have been designed.

Other companies are working on hardware-based security as well.

The only way to control counterfeiting is to leverage secure technology that can provide a guarantee of provenance over all electronic components. The deployment of such technology may add some pennies to component cost, but the savings from counterfeit escapes and the labor intensive process of policing your supply chain will more than make up the cost.

Today’s approach to combating the supply chain’s counterfeit issue can be regarded as attempts to plug a few large holes, while many smaller leaks go undetected. To win the battle, industry and government needs to be more vigilant and use tools that can track, protect and detect issues at the component level. The global supply chain requires nothing less.

Read Also

The Weakest Link Is Your Strongest Security Asset

The Weakest Link Is Your Strongest Security Asset

Christian Anschuetz, CIO & Security Practitioner, UL
Problem UAS at Airports

Problem UAS at Airports

Tim Lewis, Deputy Federal Security Director at Transportation Security Administration (TSA)
Cyber Defense: A Team Sport

Cyber Defense: A Team Sport

Chris DeGuelle, Director, Louisiana Business EO

Weekly Brief