The world's most capable, rugged and secure
industrial control system...
Introducing Bedrock OSA® Remote
- Intrinsically-secure PLC and RTU control
- 10 or 20 channels of universal I/O
- Free IEC 61131-3 engineering software
- -40ºC to +80ºC temperature range
- Rugged, all-metal case 5.4 in x 8.9 in x 2.3 in
The Grim Realities of Electronic Component Counterfeiting
May 28, 2020
If you have ever had doubts that electronic component counterfeiting is real, this 2017 article on the website Ataviat will likely change your mind. Its title, Introduction to Counterfeit ICs: Counterfeiting, Detection and Avoidance Methods, says it all. With full documentation for his sources, author Yahya Tawil’s report presents stats such as the following:
- 50% of U.S. component manufacturers and 55% of distributors reported counterfeiting issues as far back as 2005.
- An estimated 15% of all spare and replacement semiconductors purchased by the Pentagon are counterfeit products.
- A 2008 study by the International Chamber of Commerce estimated the cost of counterfeiting for G20 nations is growing as much as $775 billion each year.
- A case study of one counterfeiting firm showed it had a $2 million/month revenue of just a single part type.
- More than 80% of counterfeit components are recycled and remarked.
Beginning with recycling, which involves removing components from printed circuit boards and selling them as new, Tawil details that the full taxonomy of counterfeit sources, including products that have been left over from contracts, defective, cloned, forged or tampered with. (Figure 1.)
Figure 1: While most counterfeit products have been recycled and remarked, counterfeiters tap many alternates sources. Source: https://atadiat.com/en/e-introduction-counterfeit-ics-counterfeiting-detection-avoidance-methods/
In addition to the billions of dollars of loss to OEMs, counterfeiting puts the industry at risk by introducing inferior products into the supply chain. This makes compliance with any quality standards difficult and can also be dangerous.
“Consider an electric motor as an example. An overheated or faulty motor could result in hours of unplanned downtime for the rest of the production line. If the breakdown is hazardous, of which many counterfeit breakdowns are, this could also cause damage to peripheral equipment and risk injury to staff. Moreover, because the motor will not be covered by a legitimate warranty, replacing it can become a longwinded and expensive process,” writes Nigel Smith, managing director of robotics distributor Shibaura Machine in the April 9 edition of Automation.com in an article titled Counterfeit Parts: Manufacturing’s Next Threat.
And as if stealth, inferior quality and risk of injury weren’t bad enough, counterfeit products can also infect electronic systems with malware, as pointed out by the authors of a recent IEEE Spectrum article Invasion of the Hardware Snatchers: Cloned Electronics Pollute the Market. Fake hardware could open the door to malicious malware and critical failures.
“Look at the 2010 case of Saudi citizen Ehab Ashoor, who was convicted of purchasing cloned Cisco Systems gigabit interface converters with the intent to sell them to the U.S. Department of Defense. The devices were to be installed in Iraq in Marine Corps networks used for security systems and for transmitting troop movements and relaying intelligence from remote field operations to command centers,” they write.
Presidential Executive Order 13920, issued on May 1, 2020, has provisions to reduce electronics counterfeiting, including charging the Secretary of Energy with establishing criteria for recognizing particular equipment and vendors as pre-qualified for future transactions. Until such initiatives come to fruition, the most immediate thing an automation user can do to reduce counterfeit-related risk is to buy products that are made in the USA. Joe Weiss, cybersecurity authority and blogger for ControlGlobal.com, addresses this in a recent entry.
“Why are we still buying this critical equipment from China? What does it take to start making them domestically again? Addressing the supply chain is not intractable, but it takes work. For those that cannot assure the supply chain, appropriate monitoring will be key,” he writes, continuing, “There is at least one control system vendor, Bedrock Automation (I am on their Technical Advisory Board) that owns their supply chain …”
For more details on Bedrock Automation’s secure supply chain and how it both provides high visibility into is electronics supply chain and how its products are also impossible to counterfeit, see Bedrock’s Sam Galpin’s article here.
August 27, 2020
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have urged critical infrastructure facilities to take […]
August 27, 2020
A second bit of ransomware code designed to target industrial control systems has emerged. Similar to the Megacortex malware that […]