One day on-silicon technology to securely and uniquely identify and track chips would be implemented. That would entail extra cost, yes, but it would solve all of the above (potentially disastrous) problems.
Often counterfeit parts are actually recovered, used parts as it is cheaper than to make a counterfeit. Who is sending their old electronics to China for recycling? My council recycles all plastics, but our country has facilities for recycling only some so the rest gets chopped up and shipped to China where it is burnt uncontrolled for fuelling power plants, furnaces, etc... We are creating our own issues by recycling without knowing/controlling where the recycled goods end up.
Another source of parts is rejected batches of genuine parts.
The timers for my heated bathroom towel rails failed within 2 months, caused by a fake X2 capacitor. A 5c part resulting in failure of a 35$ product. The manufacturer might have saved 1c on the BOM cost, but what is the cost of the warranty claim?
Part of the problem is that the Aerospace/Military industry is working with products that were designed many years ago. These companies can no longer get some of the components from their vendors because they are now obsolete. They are forced to go to the "gray market" for them. But there are some simple tests that can be used to screen out the counterfeits.
"The report concludes that China is responsible for more than 70% of the suspect components." I would look elsewhere, a bit closer to home where the limitless greed blooming and ready to sacrifice anything for a bit more profit.
Normally if supply and management personel do the right thing this counterfeit issue may not happen. A lot of time I found that someone did not place a last time buy (LTB)order until the LTB date expired and he/she has to scramble and buy parts from the grey market. Another case would be someone forgot to place order for a long lead time part, and had to source part from a grey market to meet their manufacturing delivery date. So, some one has to be blamed for suplly and management's scew up - that would be the counterfeiter.
The problem looks to be within the military buying process where somewhere the quality is being compromised in the name of cost savings or the norms are being overlooked in the name of emergency replacement of failed parts.
Out with COTS. Require all vendors to provide qualified parts with valid qualification. Get rid of military project managers that say "do not let the Mil Specs get in your way" (a quote from a project manager when I worked with a military contractor). If a part is returned to the vendor it is no longer a qualified part, it's chain of custody is no longer verifiable. Lets get some quality USA vendors and get rid of foreign vendors. We do not have control over foreign vendors, we can have control over US vendors. Vendors would have to pass an unannounced, random, inspection to verify contract compliance.
One way that counterfeit components can get into the legitimate stream is by returns. A firm buys 10K pieces of a product from a grey-market source and 10K from a known supplier, then returns the grey-market products to the legitimate supplier for credit.
What sort of different management practices would those be? Most defense contractors lack the capability or knowledge to re-test an IC against all of the manufacturer's data sheet parameters to determine whether the IC is what its markings say it is.
Certain practices could be implemented, like establishing and auditing certain trusted distributors, and procurement rules (and penalties) that address the issue of "known instances of the use of suspected counterfeit components were not reported promptly to the DoD by contractors."
But your proposed solution focuses on just one link in the supply chain -- the defense contractor -- and ignores the real problem, which is that "defense contractors are frequently unaware of the ultimate source of parts used in defense systems." Without auditable chain of custody for all parts used in their systems, a defense contractor can't know with certainty if a part is counterfeit -- he can only suspect that one might be.
In some ways the problem with counterfeit ICs is not so different from the problem of expertly counterfeited currency. If a cashier unknowingly passes an excellent counterfeit $20 bill to you, without using sophisticated methods of detection, you assume it's genuine and you spend it. Eventually, after changing hands several times, the counterfeit is detected. Who is responsible? The last person who handled it? Everyone before him who handled it and didn't know?