Featured Product
This Week in Quality Digest Live
Supply Chain Features
Ryan E. Day
IFCO teams up with Real Time Intel to unlock hidden efficiencies, and help create a more sustainable supply chain
Benjamin Kessler
The key to achieving zero waste is a systems approach where all stakeholders work together toward the same ends
Barbara Cuthill
Considerations for small and medium-size companies venturing into IoT waters
Knowledge at Wharton
Technology companies aren’t equipped to dislodge traditional automakers from the driver’s seat and must learn to share the controls
Emily Newton
Technology and processes improve food quality and purchaser trust

More Features

Supply Chain News
Manufacturing and supply-chain experts share best practices and predictions
Smart manufacturing includes recyclability and energy and waste reduction, leading to sustainability and cost savings
Incorporates additional functionality and continuing improvements to the product’s existing rich features
Good quality is adding an average of 11 percent to organizations’ revenue growth
New auditors must pass the exam before auditing for GFSI-recognized certification programs
VQIP allows for expedited review and importation for approved applicants that demonstrate safe supply chains
Planned manufacturing events for Oct. 5, 2018, on track to set record-breaking level of participation
Preparing your organization for the new innovative culture
Specifications will focus on meeting the demand placed on high-performance electrical systems

More News

Ryan E. Day

Supply Chain

Subvert Your Own Supply-Chain Security in Five Easy Steps

The U.S. Department of Defense demonstrates the art of ignoring standard operating procedures

Published: Wednesday, January 23, 2013 - 13:35

In May 2012 the United States Senate Armed Services Committee (SASC) released the report, “Inquiry into Counterfeit Electronic Parts in the Department of Defense Supply Chain.” As noted in the first and second pages of the report’s executive summary, the committee’s investigation during 2009–2010 found approximately 1,800 cases of suspect counterfeit electronic parts, and “the total number of suspect parts in those cases exceeded one million.” Apparently, all the regulations, standard operating procedures (SOP), and oversight committees were no match for clever counterfeiters.

Although news agencies, blogs, and government websites seemed to focus on the role of China’s Shenzhen manufacturing community, questions concerning the U.S. Department of Defense (DOD) supply chain security—or lack thereof—have gone unanswered since at least 1990. The U.S. Government Accountability Office (GAO) reports, “As a result of weaknesses in DOD supply chain management, this area has been on the GAO’s list of high-risk federal government programs since 1990.”

Which is not to say that the DOD hasn’t addressed supply-chain security—sort of.

Government-Industry Data Exchange Program: ignored

The Government-Industry Data Exchange Program (GIDEP) is a DOD program where government and industries can report suspected counterfeit issues. If possible, these reports should include the manufacturer, supplier, part number, and cause of suspicion. On page iv of the SASC report, Vivek Kamath, vice president of supply-chain operations at Raytheon Co., notes that using GIDEP “can stop suppliers of counterfeit parts in their tracks.” So GIDEP is a handy tool—if it is used.

It seems the main downfall of GIDEP is not the program itself but, for whatever reason, the lack of usage. The executive summary also notes, “While the Committee identified approximately 1,800 cases of suspect counterfeit parts in the defense supply chain in 2009 and 2010, only 271 total reports of suspect counterfeit parts were submitted to GIDEP during that period.” In other words, only about 16 percent.

As a result of not using GIDEP, at least partially, more than one million suspect parts ended up in the U.S. military supply system, with some verified counterfeit parts installed in active, deployed aircraft and missile systems.

Defense Contractors Review List: not maintained

Many agencies operate with varying degrees of autonomy under the auspices of the DOD, and the Defense Logistics Agency (DLA) is one. The DLA is a combat support agency supplying the lion’s share of the military’s spare parts. As one might imagine, an organization dealing in such high volume discovers many cases of questionable parts. What to do then with suppliers suspected of delivering counterfeit parts? According to the DLA as quoted on page 62 of the SASC report, “...contractors that supply suspected counterfeit goods are supposed to be entered into an internal database called the Defense Contractors Review List (DCRL).”  DLA personnel consult the DCRL to “determine if there is information that might have a bearing on the contractor’s responsibility....”

Unfortunately, as the SASC inquiry revealed, the DLA not only didn’t maintain a list of companies identified as providers of suspected counterfeit parts, it didn’t even have a standard definition of the term “counterfeit.”

Another disturbing revelation was that out of 93 companies involved in cases of providing suspect parts to DLA, 37 had done so more than once. No fewer than 15 companies had done so three or more times, and two were implicated at least 10 times. Another case of standard operating procedure—in this case, the DCRL—being ignored and causing predictable oversights.

Certificates of nonconformance?

Companies supplying parts directly or indirectly to the military also have SOPs in place to ensure quality control. Take Tandex Labs, for example.

During the time frame of the SASC’s supply-chain investigation, Tandex provided several 50-unit batches of field programmable gate arrays (FPGA) destined to be installed in the U.S. Navy’s P-8A Poseidon aircraft being built by Boeing. Each batch included a certificate of conformance (COC) declaring that, as the SASC report states on pages 46 and 47,  “...the subject components have been processed and inspected in accordance with instructions....”

Unfortunately, the COCs were no guarantee that the parts did, in fact, meet critical quality criteria. When the FPGAs supplied by Tandex were used by BAE Systems (BAE), a Boeing subcontractor, to build ice-detection modules, there were... problems.

SOP: Notification of escape

Apparently, BAE had no idea there was a problem with the FPGAs until its emergent response team was called to Boeing’s flight line due to “...something rattling around inside the [ice detection] module,” as the SASC report notes on page 48.

When BAE pulled its remaining stock of FPGAs, which were warehoused in Irving, Texas, lo and behold, much of that inventory showed characteristics of refurbished and counterfeit parts. To BAE’s credit, it had a SOP in place to deal with just such an eventuality, and they issued a formal notification of escape (NOE) to Boeing. The NOE called the parts “unacceptable for use.” (SASC report, p. 49).

SOP: Suspect discrepancy report

Boeing also had a SOP in place for such anomalies and issued an internal suspect discrepancy report (SDR), which stated the FPGAs were “reworked parts and unacceptable for use.” (SASC report, p. 49.) Neatly handled, yes? But what of the P-8A aircraft that was delivered to the Navy?

According to page 53 of the SASC report, more than 18 months elapsed before Boeing informed the Navy that “It is suspected that the [ice detection] module may be a reworked part that should not have been put on the airplane originally and should be replaced immediately.”

Conclusions, bugs, and comments

Sadly, the incidents cited here are not the only problems the SASC found during its investigation. In each case everything was fully documented in accordance with each relevant process. And yes, in each case, there were SOPs in place to safeguard against exactly this problem. The bug was not in the process at all. Despite identifying and recording suspect parts, and identifying which suppliers provided these suspect parts, the DOD and others concerned continued to purchase parts from those very same suspect sources.


The “why” in this sad tale is crucial to understanding multiple and seemingly obvious breaches of supply-chain security protocol. Why would these agencies set up so many supply-chain security features and then just ignore them? Maybe the dysfunctional process lying at the heart of the matter isn’t a supply-chain issue at all. What if the root cause was that the needed replacement parts haven’t been manufactured for a very long time?

That is, in fact, exactly what the inquiry uncovered.

Apparently, as the SASC report noted on page 15, some 70 percent of the suspected parts were no longer in production. Although sourcing existing caches of “new-old-stock” (NOS) is a common practice in repair of obsolete apparatus, it is also a given that at some point, those caches will eventually be depleted.

The SASC inquiry includes recommendations to enhance security through testing, reporting, and notification. Ultimately the SASC places the responsibility squarely on the shoulders of the suppliers. However, these recommendations do nothing to address the underlying issue of obsolete parts. The simple reason the DOD is being supplied with counterfeit parts is because many required parts haven’t been manufactured for decades and may not exist, even in some moldering warehouse in Silicon Valley. Shifting the responsibility to suppliers is an excruciatingly painful breach of logic. In many cases, there simply are no new parts to be had.

Although the brouhaha of counterfeit parts and ensuing recommendations by the SASC completely overlook the problem’s root cause, the unintended consequences might be the best thing to come out of the entire fiasco.

In order to get a supplier's point of view, Quality Digest contacted Todd Kramer, CEO of Secure Components LLC and chairman of the Distributors Advisory Group (DAG).

“Our part of the supply chain is ensuring that we provide all of the information to our client as to where we procured the part, its condition, whether it’s authorized or unauthorized, and the assessed risk, and then provide the documentation that proves that history,” Kramer explained. “Transparency is vital for the end user to make an educated decision on the condition of the parts we can provide, and if they will be acceptable to the end user’s application. Brokers and distributors on the open market simply can’t procure every obsolete component that comes through a buyer’s queue. There are plenty of times in which we have to ‘no bid’ the solicitation.”

Under Section 818 of the National Defense Authorization Act (NDAA) the onus of vetting and documenting every component of every part is borne solely by the supplier. The liability of correcting any problems that arise as a result of suspect parts being installed further down the line must also be borne by the supplier. The unintended consequence of shifting complete responsibility to the suppliers may be that suppliers simply cease to supply obsolete replacement parts—legitimate, unauthorized, suspect, counterfeit, or otherwise. The DOD may be forced, due to that circumstance, to finally explore real solutions rather than play hot potato with the issue of woefully outdated weapons systems.

The DOD must drop the charade of investigations and new regulations, and realign its product requirements to address the reality of unavailable, obsolete parts.

Possible solutions might include:
• Rewrite requirements to allow refurbished parts and repurpose or train counterfeiters into proper testing and refurbishing partners
• Begin production of obsolete parts in the United States under the auspices of the DOD
• Refit weapon systems with modern technology

Impossible solutions include clapping hands over ears and singing, “La la la la la” when the matter of unavailable, obsolete parts in our defense systems rears its ugly head.


About The Author

Ryan E. Day’s picture

Ryan E. Day

Ryan E. Day is Quality Digest’s project manager and senior editor for solution-based reporting, which brings together those seeking business improvement solutions and solution providers. Day has spent the last decade researching and interviewing top business leaders and continuous improvement experts at companies like Sakor, Ford, Merchandize Liquidators, Olympus, 3D Systems, Hexagon, Intertek, InfinityQS, Johnson Controls, FARO, and Eckel Industries. Most of his reporting is done with the help of his 20-lb tabby cat at his side.


Subverting Certifications?

A double-faced meaning: certifications - even accredited - subvert reliability, and / or subverting face-value-only certifications can bring us to actually improve our deeds' Quality. Words, compared to Deeds or Facts, are all too easy artifacts, or Propaganda's deeds - which means what they really are. Even the legal clauses and requirements on the value of sworn declarations or statements are more and more argued. Will a "masquerade" be the sound track of the next ISO 9000 series and of its Relatives movie? Thank you. 


Informative article.

One thing though, it is "lo and behold" not "low and behold."

You are right

Uhhh.... yeah.... we were just testing you. That's it.

You passed.

Thanks for pointing out the error; we have fixed it.