Download this article in PDF format.
Counterfeit electronics are a problem that impacts both the public and private sectors of the U.S. economy. According to ERAI, there were total of 786 suspect counterfeit and nonconforming parts in 2023. This was a slight increase over the previous year and part of a steady, year-over-year growth in counterfeit electronics. “The number of parts being reported to ERAI has been increasing the last two years despite a downward dynamic in global semiconductor sales,” the organization says.
Government agencies may be especially prone to the problem due to the high volume of parts and components they need to keep their operations running. “Experts have estimated that as many as 15 percent of all spare and replacement semiconductors purchased by the Pentagon are counterfeit,” SIA’s Brian Toohey pointed out at an SASC hearing. “Overall, we estimate that counterfeiting costs U.S.- based semiconductor companies more than $7.5 billion per year, which translates into nearly 11,000 lost American jobs.”
Now, two U.S. senators have joined forces to draft legislation meant to protect American cybersecurity by ensuring that agencies don’t unintentionally procure counterfeit electronics, or those products made and sold by unauthorized sellers. The Securing America’s Federal Equipment (SAFE) in Supply Chains Act, was introduced in July by John Cornyn (R-TX) and Gary Peters (D-MI).
“From the pandemic to Russia’s attack on Ukraine and other global conflicts, the last few years have taught us just how important a secure domestic supply chain is to America’s national security,” said Cornyn in a statement. “This commonsense legislation would require government agencies to only purchase reliable electronics from trustworthy sellers, helping safeguard our cybersecurity from bad actors around the world.”
“The federal government has a responsibility to purchase technology that will help keep Americans’ data secure and strengthen our defense against a potential cyberattack,” Peters added. “This legislation takes an important step towards protecting our national security interests and securing our domestic supply chains.”
What’s in the Bill?
Under the Defense Federal Acquisition Regulations (DFARs), in order for businesses to contract with the U.S. military, it must only acquire electronic products from authorized OEMs or sellers. However, the senators say that there are still many cases of federal government employees purchasing technology from grey-market sellers rather than authorized sellers.
“Grey-market sellers may circumvent trusted supply chains and provide counterfeit technology that could harm security networks within the federal government,” they say. “These counterfeit devices are often older and may contain unsafe and unreliable components, causing technology to malfunction or completely fail, leading to significant damage to networks and operations.”
The Securing America’s Federal Equipment (SAFE) in Supply Chains Act would:
- Prohibit the head of an agency from using a covered product from an entity other than an original equipment manufacturer or authorized seller.
- Allow the head of an agency to waive the prohibition of a covered product, upon written notice to the Director of the Office of Management and Budget (OMB), if they determine the waiver is necessary in the interest of national security.
- Require written notice on justification for waivers and any security mitigations that have been implemented and a plan of action to avoid future waivers for similar future purchases.
The Risk of Counterfeit Components
According to Fed Scoop, this new bill comes as counterfeit devices have already been found in sensitive government and military systems. In May, for example, a man was sentenced to six years and six months for running an operation to traffic counterfeit Cisco equipment following prosecution by the Department of Justice. Those products often didn’t work or malfunctioned, and numerous counterfeit devices originating from the operation were discovered in highly sensitive governmental applications, such as classified information systems.
“The risk of counterfeit components compromising our federal IT systems is a clear and present danger that must be addressed,” Campbell told FedScoop. “At Cisco, we know that the security of technology is intrinsically linked to the trustworthiness of its source and support the bipartisan SAFE Act’s efforts to ensure that the lifeblood of our government’s digital infrastructure is drawn from secure and reputable sources.”