Defense authorization bill could include IT supply chain regulations

Lawmakers said they will modify existing law to protect the defense system supply chain from counterfeit electronic parts.

"Senator [Carl Levin (D-Mich.)] and I are committed to trying to put legislation into the Defense authorization bill," said Sen. John McCain (R-Ariz.) during a Nov. 8 hearing of the Senate Armed Services Committee.

"I want to put some pressure on our contractors to go back up the chain or down the chain to make sure the people supplying the supplier...are legitimate people," said Levin.

The three-panel, 6-hour hearing kept many lawmakers captivated. Many appeared unaware that counterfeit parts are present in DoD IT systems and expressed concern that counterfeit part providers may have malicious intent, in addition to financial motives.

"There certainly is the possibility that there could be other motives, other than the financial benefits associated with the counterfeiting of and harvesting of old parts to be put into a fashion where they appear to be new," said Richard Hillman, managing director of forensic audits and investigative service at the Government Accountability Office.

While the National Security Agency's Trusted Foundry Program has allowed the department to acquire more reliable components for critical IT systems, counterfeit parts are more often creeping into replacement parts for less readily available systems, said Brian Toohey, president of the Semiconductor Industry Association.

When counterfeit components are discovered, it's difficult to take action against suppliers and remediation can be costly. The Missile Defense Agency found 800 counterfeit parts on one missile interceptor system and it cost the agency more than $2 million to replace them with legitimate technology, said Lt. Gen. Patrick O'Reilly, director of MDA, during his testimony.

MDA is addressing the problem, said O'Reilly. It now requires all IT component suppliers to obtain parts from the manufacturer or an authorized reseller. When a supplier is unable to get the parts from either source, it needs formal approval from O'Reilly to purchase technology elsewhere.  

For more:
- go to the hearing page (archived webcast and prepared testimony available)
