No Jitter is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

ICT Knockoffs

You have heard of Rolex knockoffs, women's fashion knockoffs. You need to learn of ICT (i.e., IP communications) knockoffs, counterfeit electronics. Counterfeit parts mean less reliability, degraded security and decreased safety for the purchasing organizations. I have visited this subject before in two blogs, "Is Your Network Counterfeit? (Part 1)" and "The Counterfeit Network: Penalties and Prevention--Part 2".A 252-page report published in January 2010, "Defense Industrial Base Assessment: Counterfeit Electronics" (PDF) prepared by the U.S. Department of Commerce, Bureau of Industry and Security, Office of Technology Evaluation may appear too overwhelming to read, but you should read at least the executive summary. This report was requested by the U.S. Navy in June 2007. The Navy suspected that there were an increasing number of counterfeit and defective electronic components entering the DoD supply chain.

The report covered five elements of the supply chain:

* Original component manufacturers (OEMs) * Distributors and brokers * Circuit board assemblers * Prime contractors * Subcontractors

A total of 387 companies and organizations representing all five elements of the supply chain participated, covering 2005 to 2008. The study data revealed that 39% of the companies and organizations encountered counterfeit electronics.

An example was the purchase of counterfeit Cisco equipment that included:

* Routers with models in the 1000 and 2000 series * Switches with model numbers WS-C2950-24, WS-X4418-GB ( for the CAT4000 series) * Gigabit Interface Converter (GBIC) model numbers WS-G5483 and WS-G5487 * WAN Interface Card (WIC) model numbers WIC-1MFT-E1, WIC-2MFT-G703 and WIC-1DSU-T1-V2

Cisco Gold and Silver partners were the ones that purchased the counterfeit equipment. The partners then sold the counterfeit equipment to the government and defense contractors. Cisco sells indirectly through five major distributors, two of which sell to the government though GSA contracts. The only exceptions for direct sales are for highly specialized equipment sales such as to intelligence community agencies and large telecom providers. The typical enterprise also buys their Cisco equipment through distributors.

Counterfeit network components can fail immediately or early in their life cycle. Secure computer access may not be secure computer access--encryption systems can be weakened and compromised. Here are some more examples of the possible effects of installing counterfeit electronics:

* Cisco WAN interface cards (WIC) were purchased for installation in Cisco 2811 routers. The counterfeit cards caused routers to drop off the network. * Duplicate MAC addresses shut down an end user's network. * The North American weather network of a government agency upgraded their network and it immediately failed. * A Cisco 1721 router power supply caught fire. * Each of these organizations not only had the problems, but then had to procure replacement equipment, raising the total cost above what would have been the non- counterfeit cost. * Each organization spent many labor hours trying resolve the problems at additional cost.

The Department of Commerce report provided a set of recommendations for dealing with electronics procurement and the avoidance of counterfeit components:

* Provide clear written guidance to the procuring personnel. This should include the testing and inventory management functions. * Set up procedures that can detect and report on the suspected components. * Purchase from OEMs or their authorized suppliers or require part traceability. * Create a list of trusted suppliers. * Use third party escrow services to hold back the payments until successful component testing has been completed. * Destroy all defective, damaged and substandard parts. * Create a database of suspect parts.

The report details several more recommendations.

It is disconcerting to have counterfeit parts in your network. Think of the reliability and security ramifications if counterfeit parts are used. You won't know of the bad parts until after the problems surface. Not only will your organization suffer, so will your career.