The United States Navy orders a block of servers. Upon receiving them, it discovers that 70 percent of them are counterfeit. From poor laptop battery quality to potential hacks on the Joint Strike Fighter, poor supplier quality and intentional mischief within the technology supply chain are grabbing plenty of negative attention. Technology companies have long been focused on the efficiency of their supply chains; today, they are increasingly focused on supply chain security.
To control costs, increase flexibility and move to higher-margin solutions and bundled services, brand-owning OEMs have become “original equipment integrators” (OEIs) and left the literal nuts and bolts to their suppliers. Yet the reliance on multiple tiers of outsourced design, supply, logistics and manufacturing has increased the complexity of the industry’s supply chain. Complexity inhibits supply chain visibility. It provides greater opportunities for product tampering. It conceals poor-quality suppliers and counterfeit components. In addressing their cost and margin problems, OEIs have created a security problem.
Tech companies have made supply chain investments that have increased manufacturing efficiency, reduced transportation expenses and improved service levels, but they have not fully addressed gaps in visibility and quality that compromise supply chain security. Supply chain security requires a comprehensive solution, rooted in disciplined processes and supported by technology, that is properly aligned with the different types of products that move across the chain.
A secure supply chain protects high-tech products and embedded software against purposeful tampering, component substitution and adulteration. It protects end users from product failure or sabotage and brand owners from financial and reputation losses. The multitier supply chain, with its shifting and overlapping network of global logistics, design, component and manufacturing providers, poses a unique challenge: Investments in security must be proportionate to the financial and community risk posed by the failure of the end-use application.
Manufacturers can begin to target their investments in supply chain security appropriately by segmenting their products according to two characteristics: complexity and criticality.
Complexity measures the degree of hardware, software and design integration within a product. Criticality represents the impact—from a minor inconvenience to a national threat—that a counterfeit or low-quality component or product could have on the end-use app.
Low-complexity, low-criticality products are typically commodities. If compromised, such products may damage consumer confidence, inconvenience end users and harm brand equity but pose minimal danger to the broader community. Conversely, the failure of high-criticality products can have a serious impact on end-use applications, their users and society. Such applications include electronics for military applications, the public Internet, aerospace, the power grid and public safety.
Segmenting products by complexity and criticality can help companies balance the cost and risk of investments in supply chain security. Not every product can be made totally secure. By focusing on complexity and criticality, companies can employ a tiered set of capabilities that can appropriately hedge supply chain risk and support fault-tolerant processes.
The security needs of low-complexity, low-criticality products can often be addressed through rigorous sourcing processes, third-party audits or certification, and the cultivation of long-term supplier relationships. The most complex and critical products require investments in process and technology, particularly product pedigree and track-and-trace solutions to provide the highest possible degree of visibility across all tiers of the supply chain.
Investments in supply chain security face the typical internal resistance to “avoidance” initiatives. The structured approach to security can overcome such skepticism by outlining the potential increases in profit and reductions in working capital that can be tied to investments in security. It should be made clear that the improvements to supply chain visibility and quality that arise from security initiatives can reduce costs, increase margins and improve working capital utilization.
The shift to global supply chain operations has transformed how high-tech companies deliver products and services. Pragmatic investments in security can extend OEMs’ gains.
About the author
Craig Gottlieb is a senior manager in Accenture’s management consulting practice.
The article raises a number of issues that need to be addressed, first the supply of genuine parts and second the relative verification levels needed for components and sub-assemblies given their end use. If a company supplies a product that is used in safety critical applications then it is imperative to both consumer and producer to have the cradle to grave documentation trail for all the components. This adds cost, but avoids failures due to counterfeit components; in addition testing should be more rigorous given the end use. In non-critical applications perhaps a more rigorous test on received sub-assemblies and major components could provide enough protection to the brand and manufacturer's reputation. Just a few thoughts, any other cost effective suggestions?
This article doesn't address more detailed approach regarding what measures can be taken to address the security concerns in the supply chain of highly critical and highly complex components. But as craig suggested supply chain security concerns for less critical low complex components should be solved by multiple sourcing but should be careful when new distributors are used for components in emergency purposes. I've even come across when we received fake ferrite beads from a local distributor.
David Patterson, known for his pioneering research that led to RAID, clusters and more, is part of a team at UC Berkeley that recently made its RISC-V processor architecture an open source hardware offering. We talk with Patterson and one of his colleagues behind the effort about the opportunities they see, what new kinds of designs they hope to enable and what it means for today’s commercial processor giants such as Intel, ARM and Imagination Technologies.