DOD says it needs a trusted supplier plan, but one already exists
The Defense Department says it wants a trusted supplier plan, and the laws are in place, but getting the rules implemented just keeps dragging along.
It can't be easy for Defense Department managers these days. Everything is in flux as the Pentagon tries to figure out multi-year timelines for everything from the size of the forces to how to get clean financial audits for the armed services. But there's one quandary that the leadership is trying too hard to solve on its own.
I'm talking about rules, or more precisely, the lack of rules to detect and prevent counterfeit electronic parts from entering the DOD supply chain as required by Section 818 of the Defense Authorization Act of 2012. Yep, even though we're deep into fiscal 2014, the Defense acquisition authorities still haven't issued the required implementing rules.
DOD is supposed to define “counterfeit,” and “suspect counterfeit”; institute a risk-based approach to minimizing the impact of bad parts; and establish remediation and sanctioning processes for suppliers who sell counterfeit parts. The necessary DFARS were to have been written, commented on, and finalized more than a year and a half ago.
Equally important is Section 818’s call to establish criteria for trusted supplier standards that would apply to contractors, subcontractors, and everyone to the outer reaches of the government supply chain. It specifically references “established industry standards” for processes for identifying trusted suppliers.
At a meeting with industry in late March, officials promised a long-awaited rule to change the purchasing systems of prime contractors with cost accounting systems. The trouble is, the promised 181-page rule won’t cover the typical suppliers of the riskiest electronic components. For that, a second rule is in process to define how suppliers of such items are to be trusted. Based on all the comments from all the different perspectives, it looks like this could take a while.
Sadly, it doesn’t need to be this way. You can find long-established industry best practices for risk-based management in the acquisition of parts no longer available from OEMs or their authorized distributors. Airlines, for one, figured out this problem decades ago when they faced an onslaught of phony mil-spec connectors and more recently in the 1990’s when they dealt with bogus electronic parts.
In my opinion, the best practices for independent suppliers are enshrined in Society of Automotive Engineers (SAE) standard AS6081. The latest revision is fairly new -- November 2012. A whole ecosystem of suppliers, certifiers and training exists around AS6081. How come DOD doesn’t simply reference this standard in its rulemaking and be done with it?
I suspect the quandary stems from a zero-tolerance tone in the statute combined with DOD’s desire to accommodate as many suppliers as possible. So what will constitute trust? Will it be the rigor of the trusted foundry certifications required of the Defense Microelectronics Activity (DMEA)?
Or will “Trusted Supplier” become a legal gotcha for suppliers who are forced to compete on price in the absence of risk-based requirements and industry-grade standards and certifications?
“There are no 100 percent guarantees, but you have to start somewhere,” says Travis Thoman of Secure Components, an independent distributor. “If a buyer is asked to procure a part no longer available from the Original Component Manufacturer (OCM) or their authorized distributors, he or she is forced into the secondary market. This is where repair parts come from. This is where the risk is and this is where DOD contractors are asked to buy parts based on a part number for the lowest price.”
It would be easy for DOD to hold suppliers to the highest standards and certifications. But for the schema to be risk-based, buyers must bear half the burden. How deeply a part needs to be tested depends on whether it’ll be used to fix an officers club pinball machine or a seat ejection circuit on a fighter jet. No one but the buyer should define the level of assurance required to make a part technically acceptable. DOD needs to pick an applicable industry standard and train to it. Those in industry who can’t step up will not be trusted.
Here’s a company blog on the AS6081 standard and how it helps organizations avoid buying counterfeit parts--especially those that are no longer available from OEM/OCM-authorized sources. This all seems very straightforward to me and I’m hoping DOD will be able to thread the needle on this rulemaking soon.
Way back in the summer of 2011, Congress estimated that more than 1 million parts in the government supply chain were counterfeit.
Experts say the threat continues to grow. Meanwhile the word count of proposed rules climbs, and the months go by.