Product integrity is a key element in business and increasingly important in the information technology sector, where products and services are highly vulnerable to the creation of copies and counterfeits. Both IT vendors and their customers are equally at risk when phony and faulty products enter the supply chain.
As one step to control the flow of counterfeit electronic parts, the U.S. Defense Department has proposed new regulations for industry to follow in the procurement process. The department’s proposal is designed to “hold contractors responsible for detecting and avoiding the use or inclusion of counterfeit electronic parts or suspect counterfeit electronic parts.” DoD acted in response to National Defense Authorization Act mandates.
Interest in pursuing the requirements stems largely from potentially compromised military systems, which include IT components. From a narrow military perspective, the impact on electronic products, although significant, might be limited, since many military system parts are more costly and involve more stringent specifications than commercial products, according to James Burger, an attorney with Thompson Coburn and an advisor to the Semiconductor Industry Association.
However, the lines between “military spec” and commercial grade products are blurring as the government seeks to use more commercial level products across both military and civilian system installations, according to Robert Metzger, an attorney with law firm Rogers Joseph O’Donnell and cochair of TechAmerica’s supply chain advisory committee.
“These proposed changes to DoD regulations address information and communications technologies purchased by the department, including commercial-off-the-shelf products,” Danielle Coffey, vice president and general counsel for the Telecommunications Industry Association, told the E-Commerce Times.
Ripple Effect on IT
The DoD proposal could have a significant ripple effect on innovative and commercial products related to other aspects of Pentagon electronics procurements, including IT, as well as to federal civilian agencies.
“The breadth of these proposals could range far beyond direct military applications. Contractors affected by compliance could be liable not just for weapons systems but for additional information technology systems and services provided to the department,” Metzger told the E-Commerce Times.
In fact, at a recent meeting of federal and industry officials, government sources indicated that the DoD proposal, issued in a Defense Acquisition Regulation System format, was likely to be adopted for other agencies as well through a civilian Federal Acquisition Systems Regulation rule.
“The reach could be very significant for IT systems,” Metzger said.
The U.S. Senate reported in May 2012 that it uncovered 1,800 incidents involving counterfeit parts in the defense supply chain between 2009 and 2010. A comprehensive 2010 study by the U.S. Commerce Department showed the rate of incidents growing from 3,800 in 2005 to 9,356 in 2009 across the entire electronics industry.
While the IT and defense industries agree with DoD that improved controls over counterfeit electronic parts are necessary, they agree with little else in the proposal, according to comments filed with the department. The extensive submissions indicated significant disappointment and even bafflement at what industry regarded as the insufficiency of DoD’s effort.
Proposal Fails to Meet Goal
“The initial response from DoD failed to grasp the intent and direction set forth in the NDAA, to detect and avoid the introduction of counterfeit electronic parts into the defense supply chain,” Robin Gray, chief operating officer and general counsel for the Electronic Components Industry Association, told the E-Commerce Times.
“Instead of solving the problem, the proposed rule would create greater uncertainty, add unnecessary cost to the supply chain, and open huge loopholes for the continued infiltration of counterfeit electronic parts,” he said.
As is the case with many federal procurement policies, both the proposal and the comments were highly nuanced and technical in their legal references. Yet the specific terms hold great import for whether it is in the commercial interest of IT suppliers to do business with DoD or other government agencies, Metzger said. Three major areas of concern were reflected in the comments: basic legal definitions; the extent of coverage to suppliers; and the assumption of risk by suppliers.
Legal Terms: Difficulties emerged at the very foundation of the proposal: the definition of “counterfeit.”
“Two primary concerns that are notable in the views that TIA submitted include new proposed definitions, specifically for ‘counterfeit’ and ‘legally authorized’ sources,” Coffey said.
TIA took issue with a reference to “substitute” parts within DoD’s proposed definition of “counterfeit.” Also, the proposed DoD definition could be construed to treat innovative alternatives or unintentionally flawed products as “counterfeit.”
TIA’s concern over DoD’s reference to “legally authorized” sources was shared by the SIA, which criticized DoD for a lack of clarity and a reliance on ambiguous language.
Scope of Accountability: The DoD proposal covers contractors that comply with certain federal financial standards, but it does not extend to other vendors that do not fall within that category. The department should extend the proposal to suppliers “at all tiers,” including a “flow down” to suppliers that are not original sources and obtain electronic parts from other sources, SIA argued.
In short, the DoD’s proposal failed to properly reflect a complex supply chain consisting of bona-fide original equipment providers, legitimate secondary sources for either original equipment or suitable alternatives, and purveyors of bogus products, critics maintained.
Supplier Risk: DoD’s proposal doesn’t cover the full supply chain in terms of measuring risk and assessing the cost and liability for remedial actions. DoD allows for the recovery by some suppliers of the costs of taking remedial actions to a counterfeit incident, under certain circumstances. However, the language may be too narrowly drawn related to both covered suppliers and the allowable circumstances for cost recovery.
“There is no provision within the proposal that provides a ‘safe harbor’ for those contractors and subcontracts that have industry standard processes and procedures in place to detect and avoid counterfeit parts,” said ECIA.
The SIA, in fact, offered a solution for vendors in its comments.
“SIA’s safe harbor proposal would not impose that cost on the contractor as long as the contractor and suppliers at all levels of the DoD supply chain purchased the electronic parts from ‘legally authorized’ sources,” Burger told the E-Commerce Times.
Industry sources are also concerned that the DoD proposal related to procurement has not been linked to other pending regulations for a comprehensive approach to the problem.
The Defense Department now will assess the written comments, as well as feedback from the June meeting with suppliers.
Still, the regulatory process may not be sufficient to resolve the complexity of the issues, and further legislation may be required, suggested Metzger.
The current regulatory approach may need to be re-examined by Congress and addressed legislatively.
However, there is hope for a regulatory resolution.
“The legislation and the legislative intent seemed clear enough,” said ECIA’s Gray.
“DoD needs to change its buying practices by first exhausting buying from authorized sources — such as manufacturers, authorized distributors, and authorized aftermarket manufacturers and distributors — before buying from unauthorized sources,” he said.
“It is these unauthorized sources that should meet DoD and industry standards for avoiding and detecting counterfeit parts,” Gray emphasized. “These requirements should apply to all unauthorized sellers. There is no need for the DFARS to apply to purchases from authorized sources.”