Last year the Information Security Forum released its “Top 5 security threats” for 2013 and not surprisingly, as George Karalias, Director of Marketing & Communications at Rochester Electronics explains, the second threat listed involves supply chain security.
According to the Forum, “More organisations will fall victim to information security incidents at their suppliers. From bank account details held by payroll providers, to product plans being shared with creative agencies, today’s organisation’s data is increasingly spread across many parties. While the IT function can provide an inventory of all data they hold, it is difficult to do that throughout the supply chain.”
The risk within the semiconductor supply chain is just as concerning. A number of reports from IHS iSuppli, a global market research firm, have focused on fraudulent semiconductors. The reports describe an alarming trend in the growth of counterfeit activity, stating that the number of counterfeit parts in the electronics supply chain quadrupled from 2009 to 2011.
Counterfeit and substandard semiconductors were not only found in phones, computers and other consumer goods, but also in potentially life-threatening applications, including military hardware, vehicles and medical equipment. The reports also list several other startling trends:
- More than 1,363 counterfeit events were reported in 2011, and each incident can include thousands of separate parts
- The number of high-risk suppliers to the U.S. government, including companies that sold suspect counterfeit product to military and commercial electronics channels, increased by 63 percent from 2002 to 2011.
- A total of 9,539 suppliers in 2011 were reported either for known involvement in high-risk, fraudulent and suspect counterfeit-part transactions or for conduct identified by the government as grounds to debar, suspend or otherwise exclude from contract participation. This was up from 5,849 in 2002.
- In all, 78,217 potential high-risk entities and suppliers to U.S. government agencies, defense contractors and subcontractors, as well as all military and commercial electronics application markets, were reported during the period from 2002 to 2011.
- This large and growing trend highlights the need for members of all tiers of the supply chain to implement tighter supplier-monitoring and procurement procedures in order to meet increasingly stringent regulations.
- For many manufacturers, particularly those that are required to support end products for 10+ years in the field, such as those used in defence and aerospace applications, much of the counterfeit risk lies in obsolete parts.
So what can be done to avoid counterfeit products, especially for those companies experiencing an end-of-life event or obsolescence?
Recently, a reputable supplier of critical hardware and software products to the U.S. Department of Energy, the U.S. Department of Defense, the Environmental Protection Agency, the United States Agency for International Development (USAID), and the National Aeronautics and Space Administration (NASA) experienced a critical semiconductor obsolescence scenario. The company needed to outfit navy vessels with critical semiconductor devices — logic octal buffers. Vital to a number of military applications, the logic octal buffers contain eight discrete buffer amplifiers in a single package and are employed to provide logic, speed and drive capabilities, such as memory address drivers, clock drivers, and bus-oriented transmitters/receivers.
The supplier received an end-of-life notice from the original manufacturer, and thus needed to quickly find an alternative long-term source to continue acquiring the control devices for the Naval Stocking Program (NSP). Making a last-time buy was not an easy decision for the supplier, as it can be difficult to accurately forecast last-time buy requirements and absorb the additional inventory and storage costs associated with last-time buys.
Procuring devices from authorised distributors was a short-term solution, but their inventory would not last for the 20+ years the supplier would need for maintenance to the Navy’s vessels. Without the ability to procure the semiconductor devices through the authorised channels, the aerospace and electronics manufacturer was left with few options; either risk buying counterfeit or substandard components through unauthorised sources, re-design the system, or engage with a authorised continuing manufacturer.
When the supplier contacted the original semiconductor manufacturer to check residual inventory, they were informed that an end-of-life manufacturing agreement with Rochester Electronics had been implemented to support the continuing needs of their customers.
The logic octal buffers needed to meet all military grade specifications and be a drop-in replacement for the devices from the original semiconductor manufacturer, since the re-design of a vessel’s hardware or software was not a feasible option. The supplier required high-quality components with short lead times, so as to minimize a lapse in availability.
The new parts needed to be exact re-creations, not emulations. Replication is a proprietary process uniquely differentiated from the standard process of device emulation. Device emulation only mimics a semiconductor device’s function and doesn’t necessarily match performance specs. Emulation methodologies attempt to duplicate the behaviour of a target design using a different system of cell libraries, process geometries and simulation data. Usually developed without the authorisation from the original manufacturer, emulated semiconductors “trick” the system software into believing that the new device is really the original OEM device. In practice, this approach is quite difficult, particularly when the exact behaviour of the device to be emulated is not documented or has to be deduced. Emulation methodologies ignore the internal timing and logical design structure of the target design. As a result, the exact reproduction of the external behaviour of the target device is not possible without numerous trial and error attempts. Because the device is not manufactured using the original intellectual property (IP) or a well-matched existing foundry process, the emulated device is more likely to fail over time or not perform completely to the original specifications.
Initial emulation design and development costs are typically low, but can quickly escalate during the trial-and-error foundry process. As the new semiconductor device is continuously tested and fails, repeating the design and foundry processes significantly increases the total development cost. Historically, even emulated semiconductor devices that pass inspection have a high in-field failure rate, adding to the total cost of the device as the expense of replacing the part as well as down-time is considerably higher than the original quote of emulating a semiconductor device.
Rochester Electronics re-created the devices using the wafer, die and intellectual property they received from the original manufacturer as part of their manufacturing agreement. Rochester was able to deliver the re-created devices, in military grade packages, in less than 30 weeks, which included the necessary time for original engineering-driven (OED) test protocol for the first-time build. The OED protocol uses the original test programs and test equipment from the original semiconductor manufacturer to ensure the proper test techniques and methodologies for all flow classifications and component types are met, delivering the highest quality replicate device.
Rochester was able to package the parts in sleeves of 7, 14, 20, 22 and 25 for the NSP to easily distribute the parts to government design teams.
The ability to re-create the logic octal buffers as drop-in replacements avoided significant engineering expenses including board replacements, re-designs, and re-qualifications of Navy vessel systems, ultimately saving hundreds of thousands of dollars.
Without that quick turn-around time, the NSP could have been without vital logic control components for existing and developing projects, setting projects back a minimum of 12 to 18 months.
Without the ability of a continuing semiconductor manufacturer to re-create critical components, companies would be forced to re-design entire systems or risk purchasing counterfeit/substandard devices. A re-design of a critical system can potentially cost millions, in addition to a lengthy re-qualification and re-testing process, which would mean innumerable lost hours of development time that could be better spent on creating new products.
Continuing semiconductor manufacturers offer a convenient and reliable option, which spares companies from the aforementioned issues intrinsic to pursuing gray market or counterfeit product options.
For industries with long life cycles, continuing semiconductor manufacturers supply a steady stream of authorised devices that match the original semiconductor’s performance in form, fit and function.