Counterfeit milspec electronics easily bought online
Government Accountability Office investigators found it easy to purchase counterfeit milspec parts via private sector Internet buying websites, the GAO says in a Feb. 21 report released March 26.
At the request of the Senate Armed Services Committee, the GAO set up a fake company that was able to obtain membership in two online electronic parts Internet commerce platforms. From there, they solicited bids for 16 parts, seven of which were obsolete or rare, five of which investigators stipulated should have date codes after the last date the part was manufactured, and four of which investigators called for different specifications than those listed in a valid part number.
After selecting a vendor based on the lowest-price bid, investigators had a third party laboratory examine the parts they received. The lab concluded that all parts were counterfeit--or in the case of the parts with the modified specifications, bogus.
All parts came from 13 vendors located in China, the GAO report notes.
The federal government is prohibited from accepting Chinese-made items (although not Chinese-made components of a final item) for procurements typically worth $203,000 or more. Below that threshold, designated by the Trade Agreements Act, the DoD typically assigns a price penalty of 50 percent to non-domestic parts. However, the price penalty (which comes from another law known as the Buy American Act) doesn't apply to information technology.
"What's implied in our work is that a lot of the buys are small enough to fit underneath that threshold," Tim Persons, GAO scientist and one of the investigators who put together the report, said in an interview.
Based on the work conducted for the report, it's impossible to say definitively whether counterfeit parts have entered the DoD supply chain via the method described (online purchasing via electronic parts platforms), Persons said, but added that he suspects that to be the case--perhaps at the sub-sub-contracting level.
A blanket policy against buying Chinese-made parts is probably not feasible, but a sampling strategy that subjects parts to authentication tests would create an economic incentive for factories not to supply counterfeit parts, Persons said.
"What's coming out of China is purely economically driven," he added.
IT supply chain security has become an increasingly visible concern, with the House Energy and Commerce subcommittee on oversight and investigations also holding a March 27 hearing on it. The worry--which in public and in Congress has focused on the more spectacular possibility of malicious code injected into hardware or software--has caused the Defense Department to gradually implement a more stringent set of supply chain controls. The GAO also found, in another report dated March 23, that other national security agencies are behind DoD efforts.
- download the GAO counterfeit part investigation report, GAO-12-375 (.pdf)
Country of origin bad heuristic for supply chain risk
Conference committee approves anti-IT counterfeiting provision in defense authorization bill
DHS official: Security vulnerabilities present in technology supply chain
Commission report: American reliance on Chinese telecoms poses security concern