Dear Conference Participants,

We had an amazing time in San Diego last month and we hope you did too! It’s always a pleasure to make new friends and renew old acquaintances. On behalf of ERAI and its corporate sponsors, Crestwood Technology Group, 4Star Electronics, IDEA, Nisene Technology Group, Harry Krantz Company, CTrends and Sensible Micro Corporation, we would like to thank you once more for your contribution to the success of this year’s conference. Our highest priority is to provide stimulating meeting programs, an environment for sharing data, generating ideas and initiating collaborations and a platform for launching life-long relationships. We believe we achieved that goal!

The entire staff at ERAI is so grateful to be given the opportunity to host this event. While we work diligently to provide a well-organized, professional forum for professional growth, skills development and networking to take place, the true value comes from the subject matter experts that donate their time and expertise as speakers and instructors, the service providers that support our cause by way of exhibiting and your participation. Time together is essential to strengthening the foundation of our supply chain.

We are pleased to inform you that access to many of the presentations given at the conference are now available via the ERAI website in PDF format. There are more to be added so continue to check back for new additions. Speaker, instructor, and exhibitor information will remain on the website until the end of the year. We do recommend you visit the websites of our subject matter experts and exhibitors to evaluate the goods and services they offer that may be of value to your organization. These individuals and organizations are thought leaders and experts that are willing to share their expertise, so please reach out to them; they are waiting to serve you.

In closing, thank you again for attending, contributing to and supporting this event. Please stay engaged and stay in touch!

Sincerely,

Kristal Snider
Vice President, ERAI Inc.
ksnider@erai.com

Damir Akhoundov, ERAI

The Reporting Trend

The number of parts reported during Q4 of 2014 (270) was consistent with Q3 of 2014 (273). The first quarter of 2015 indicates a rise of 8% in the total number of parts reported (292 suspect counterfeit and nonconforming parts reported by ERAI in Q1 of 2015).



Testing Data Comparison

Number of Tests Conducted

During Q4/2014 and Q1/2015 we observed a fairly equal incidence of parts being rejected after undergoing one, two and three different testing techniques, with a sharp drop off in the incidents of parts undergoing four or more specific tests. A comparison of the number of tests undertaken over the last 5 quarters indicates that the sharp increase in Q2/2014 where parts were being rejected after just one test performed was not a trend-setting occurrence as the following three quarters indicate a more even incidence of rejection resulting after one, two and three tests were performed.



Testing Techniques Used

Q4/2014 and Q1/2015 show a continuation of the trend noted in previous quarters where the majority of the parts reported to ERAI were identified using three main testing techniques:

• Device Package External Visual Inspection
• Lead External Visual Inspection
• Remarking & Resurfacing Testing

The graph below shows a remarkable similarity between the last 4 quarters. We see a continued trend where these top three identification techniques are used on a large majority of the parts reported by ERAI. The graph below shows the comparison of all the testing techniques used in the last 4 quarters:



Types of Parts Reported

We examined the types of electronic components that were reported to ERAI during Q4/2014 and Q1/2015.
The top 10 part types accounted for 87% and 88% respectively of all parts reported during these two quarters:

• Memory IC
• Microprocessor IC
• Analog IC
• Programmable Logic IC
• Transistor
• Consumer IC
• Interface IC
• Logic IC
• Telecom IC
• Diode

The top four of these part types accounted for 62% and 66% respectively in Q4/2014 and Q1/2015, supporting the earlier trend that the majority of the parts reported to ERAI are comprised of four types of active components: memory IC; microprocessor IC; analog IC; and programmable logic IC. The incidents of other non-IC devices has remained in the single digits throughout the year.



Recurring Reports

We further examined the data to see if any of the recently reported parts were previously reported in the past and found that over the last four quarters close to 20% of the recently reported parts had already been reported by ERAI. Whether this is due to nonconforming/counterfeit parts not being eliminated from the supply chain or new batches of the same parts are continuously being counterfeited is unclear.



Furthermore, we looked at these "repeat offenders" and discovered that a large amount of these parts had multiple occurrences within the ERAI database over time: 47% in Q4/2014 and 60% in Q1/2015 of these parts were reported more than once in the past with some of them reported as many as 9 times before.



We continue to accumulate and examine the reported parts data in our database. The new classification system we enabled in 2014 allows us to gain a better understanding of the types and categories of reported parts we receive. As the sample size grows, we will be able to get better understanding of the trends in the constantly-evolving electronic supply chain. If you have any questions or suggestions, please do not hesitate to contact me directly at damir@erai.com.

In 2015, the following new features have been added to the ERAI website:

2015 ERAI Executive Conference Downloads

We hope you enjoyed the 2015 ERAI Executive Conference as much as we did. We have obtained permission from most of our speakers to provide their presentations to our Members. If you would like to revisit a presentation you enjoyed or if you did not get the chance to join us in San Diego, you can now download copies of many of the informative presentations in PDF format at the ERAI website. Simply go to Events in the top site navigation and select ERAI Executive Conference 2015. In the Conference submenu select "Downloads" to get to the downloadable presentations.

---

ERAI Blog Subscriptions

If you are interested in staying up-to-date on all new postings made to the ERAI Blog, we now offer a subscription service. Simply go to any ERAI Blog page and enter your email address into the "Subscribe to ERAI Blog" field and click on the "Subscribe" button. The ERAI website will send you alerts every time a new blog post had been added with a direct link to the newly added item.

---

Reported Parts Search Log

With the new DFARS regulations and the pervasiveness of suspect counterfeit parts throughout the supply chain, it is important for ERAI Members to be able to show due diligence was performed during the process of sourcing and trading electronic goods. With this in mind, ERAI has created a logging tool that makes a record of every reported parts search performed by our members on the ERAI website. The system records the entire process of a reported parts search including:

• The user that has performed the search.
• The date and time the search was conducted.
• The search criteria used to conduct the search.
• The pages of results that the user accessed (some searches may result in multiple pages of results so the system records which page(s) of results were in fact accessed and viewed).
• The actual reported parts within the search results that were accessed by the user.

Any user can later go to the Reported Parts Search Log tool and pull a report that shows the part searches conducted during a specific period of time by a specific user to be able to provide a proof of due diligence conducted on the part they may have provided to a third party that requires proof of such due diligence.

It is important to note that the Reported Parts Search Log not only records the details of the search performed, but also saves a "snapshot" of the database at the point the search was conducted. That means that when the tool is used to look at a specific search conducted at a prior date, the results that are displayed will look EXACTLY the same as they looked like at the time the original search was conducted. Therefore if any of the data was edited or new data was added since the search, the results will not reflect these recent changes and will only present the data EXACTLY as it looked like at the time of the search.

Furthermore, the logged search will ONLY show the data that the user had in fact seen at the time the search was conducted. If specific pages of the conducted search's results were not accessed during the original search, they will not be accessible in the log tool. Therefore the log will show not only what the user had search for, but also which parts of the search results the user had actually seen at the time of the original search.

As the recorded search is accessed, the user is presented with a detailed description of the search including:

• User: Name of the user that originally conducted the search
• Email: Email address of the user
• Total parts found: Shows the number of parts within the search results and number of pages of results
• Pages of results viewed: Shows the number of actual pages of results accessed by the user
• Actual records accessed: Number of actual reported part profiles accessed by the user
• Date: Date the search was conducted
• Type of search: Quick search
• Part Number: Part number searched for by the user
• Manufacturer: Manufacturer searched for by the user

Users can then look at the data the original user conducting the search viewed and can then print out a Certified ERAI Search Report. The Certified ERAI Search Report contains the same information with the addition of watermark seals on the main search description page as well as on every specific part profile page of the report. The watermark seal includes a date of access and an individual numeric ID that a third party can use to verify the authenticity of the search data and a search date from the ERAI website, providing ERAI Members with a detailed and verifiable record of a part search conducted.

An example of a main search verification watermark seal is below:



Each part profile accessed during the search will show its own verification seal that also lists the part number as well as the numeric ID and the exact date and time the reported part's details were viewed by the user (see below):



The numeric ID on the bottom of the seal can be used to verify the authenticity of the information by visiting the ERAI Reported Parts Search Log and searching by Search Reference ID or Part Reference ID.

This new tool is included as part of ERAI membership and is available to all current ERAI subscribers. To access the ERAI Reported Parts Search Log, simply log into the ERAI website and go to the "Search" tab in the top navigation.

Users without administrative rights on the ERAI website will only have access to their own search logs. Users that have Company Administrator privileges are able to search throughout the logs of all users within their company.

---

Nonconforming Parts Submission Categories

The ERAI website online reported parts submission form now offers an option to use our Reported Parts Category Database-based submission routine that enables you to use a simple checkbox list of over 75 types of non-conformities to "build" your reported part's description.

To use this method of submission when reporting a nonconforming part to ERAI, please click on the "Report" tab in the ERAI website top navigation, then select Report a Part in the resulting submenu. Once you enter the basic part information you will be presented with a choice to write your own description of non-conformance or to use ERAI's Nonconformance Category Selector.

---

US Consolidated Screening List

ERAI Members can now search the US Government's Consolidated Screening List (CSL) directly on the ERAI website. Per the Bureau of Industry and Security, "the CSL is a streamlined collection of nine different "screening lists" from the U.S. Departments of Commerce, State, and the Treasury that contains names of individuals and companies with whom a U.S. company may not be allowed to do business due to U.S. export regulations, sanctions, or other restrictions. If a company or individual appears on the list, U.S. firms must do further research into the individual or company in accordance with the administering agency’s rules before doing business with them."

We have integrated the search from all 9 screening lists in one easy to use tool on the ERAI website. You can run a quick search through all 9 lists or you can narrow down your search to a specific list and even filter the results pertaining to a specific country.

To access the US Consolidated Screening List search, simply log into the www.erai.com and click on the "Search" tab in the top navigation of the website.

Anne-Liese Heinichen . ERAI, Inc.

ERAI has recently reported multiple cases of suppliers’ emails being hijacked or infiltrated resulting in multiple Buyers losing over $35,000.00 in just over one week alone.

According to federal investigators, this is a common swindle that targets companies who routinely conduct international transactions through wire transfer payments. Business email compromise, or BEC, has been a growing concern for the Federal Bureau of Investigation (FBI) and the Internet Crime Complaint Center (IC3) who have recently released notices advising companies to exercise due diligence when making payments, even to trusted and recurring suppliers with whom companies have long-standing relationships.

The three cases of business email compromise seen by ERAI were:

Case 1

A buyer placed an order with a US-based supplier. Unbeknownst to the supplier, their email account had been infiltrated and communications were being intercepted. The imposter commenced communications with the buyer and instructed the buyer to send payment via Western Union to the United Kingdom (note: the original proforma invoice indicated wire transfer in advance or credit card terms). The buyer rendered payment via Western Union. When the buyer inquired about the whereabouts of their product, the supplier advised the buyer that payment had not been received. When the buyer provided copies of email communications allegedly from the supplier, the supplier realized their email account had been compromised.

Case 2

A buyer placed an order with a supplier. Before the proforma invoice was generated, the imposter contacted the buyer instructing them to issue payment via Western Union. The buyer issued payment via Western Union and the funds were picked up by the imposter before the buyer realized they had been scammed.

Case 3

Two ERAI Members, who had a long-standing business relationship, entered into an agreement for two orders which allowed the buyer to test/inspect the product prior to payment being issued. After the first shipment was delivered, an imposter contacted the buyer stating a new bank account had been opened and requesting payment via wire transfer. The buyer replied to the email and confirmed the bank change and advised payment was released. A month later, the buyer again received a payment request for a second order; without question, the buyer released payment. Within an hour of sending the second payment, the buyer was contacted by the seller indicating their email account had been compromised and warned the buyer to cease from any further transactions. The buyer attempted to recall both wires; however, the buyer’s bank advised them that as soon as funds were deposited into the fraudulent account, the monies were withdrawn.

These three cases illustrated a common scheme commonly referred to by law enforcement as “The Bogus Invoice Scheme,” “The Supplier Swindle,” and “Invoice Modification Scheme.” This scheme involves not only email spoofing, but cases involving fraudulent faxes and phone calls have been documented. Many times, when emails have been spoofed/hacked/infiltrated, the emails have involved mass email providers such as Yahoo, Gmail, AOL and Hotmail; although there have been reports of scammers accessing company’s internal email servers.

According to the IC3, from 10/01/2013 through 12/01/2014, there were a total of 2126 victims of reported crimes with a combined total dollar loss of $214,972,503.30 amounting to an average loss of $101,115.95 per victim.

Tips to avoid becoming a victim of business email compromise:

1. Employee training and awareness: Educate your employees and share these cases with your organization, from top to bottom. Make everyone aware of cyber-crime and instruct employees to delete spam emails.
2. Pay attention to the small details: When communicating with all of your business partners (including companies with which you have a long-standing relationship), pay attention to the general language and tone, look for spelling mistake and double check email addresses. These recent incidents have shown that the fraudsters do their research and do not necessarily write badly or with grammar mistakes.
3. Be wary of companies requesting different methods of payment: If payment instructions change, verify them with the company you are dealing with verbally.
4. Avoid free web-based email accounts: Establish and use your own email domain.
5. Do not use the “Reply” button: Type in the recipient’s email address yourself or select the name from existing contacts.
6. Establish a call-back protocol: Make it part of your standard operating procedure to call suppliers and verify banking information and account numbers prior to sending payment.
7. Require two separate individuals to authorize wires/payments: Establish who and how payments are authorized.
8. Enable two-factor authentication for emails: Hardware and software 2FA systems can provide an IT solution.

Sources:

http://krebsonsecurity.com/2015/01/fbi-businesses-lost-215m-to-email-scams/

http://www.csoonline.com/article/2874166/identity-theft-prevention/fbi-and-irs-warn-of-pervasive-maddening-business-consumer-scams.html#tk.rss_news

http://www.networkworld.com/article/2393048/malware-cybercrime/fbi-warns-businesses-man-in-the-e-mail-scam-escalating.html

Additional Resources:

http://www.onguardonline.gov – The Federal Trade Commission's website to help you be safe, secure and responsible online.

http://www.ic3.gov - The Internet Crime Complaint Center (IC3), a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), accepts online Internet crime complaints from either the actual victim or from a third party to the complainant.

http://www.nw3c.org - NW3C provides a nationwide support system for law enforcement and regulatory agencies involved in the prevention, investigation and prosecution of economic and high-tech crime.

Below are the top ten historically reported parts that have re-emerged during the last four quarters (Q2-2014, Q3-2014, Q4-2014 and Q5-2015)

Part number	Manufacturer	Number of times previously reported by ERAI
UCN5804B	ALLEGRO MICROSYSTEMS INC	20
AN2131QC	CYPRESS SEMICONDUCTOR CORP	11
EE80C196KB16	INTEL CORP	11
LUPXA255A0E400	MARVELL SEMICONDUCTOR INC	9
MC68HC811E2CFN2	MOTOROLA INC	8
RC28F256K3C120	INTEL CORP	8
ICM7170AIBG	INTERSIL CORP	7
S5935QF	AMCC	7
UDN2595A	ALLEGRO MICROSYSTEMS INC	7
MC6809P	MOTOROLA INC	7

Quantifying Counterfeits: A Moving Target
http://electronicspurchasingstrategies.com/2015/03/25/quantifying-counterfeits-a-moving-target/

DLA director discusses logistics at NDIA
http://www.dla.mil/DLA_Media_Center/Pages/newsarticle201503240100.aspx

San Francisco Man And Company Indicted For Smuggling Sophisticated Electrical Components To Russian Federation
http://www.justice.gov/usao-ndca/pr/san-francisco-man-and-company-indicted-smuggling-sophisticated-electrical-components

Battelle Introduces Breakthrough Anti-Counterfeiting Detection for Integrated Circuits
http://www.marketwired.com/press-release/battelle-introduces-breakthrough-anti-counterfeiting-detection-integrated-circuits-2001233.htm

Mitigating the Risk of Counterfeiting: Continuous Certifications & Accreditations
http://www.ebnonline.com/author.asp?section_id=3721&doc_id=276875

To Buy or Not to Buy From Independent Distributors
http://globalpurchasing.com/blog/buy-or-not-buy-independent-distributors?NL=ESB-01&Issue=ESB-01_20150304_ESB-01_896&sfvc4enews=42&cl=right_4_1&YM_RID=CPG05000002121502&YM_MID=1306&elqaid=1306&elqat=1&elqTrackId=65a2774c4ea44107a85bfd0e6e2e1a25

Counterfeit electronic parts: Manufacture of and avoidance
http://articles.sae.org/13923/

Your Supplier’s Inside Threat, Your Security Risk
http://www.ebnonline.com/author.asp?section_id=1162&doc_id=276665&itc=ebnonline_sitedefault

Clifton's NJ Micro-Electronic Testing sued over bad plane brakes
http://www.northjersey.com/news/clifton-s-nj-micro-electronic-testing-sued-over-bad-plane-brakes-1.1265108

Cybersecurity Now Key Requirement For All Weapons: DoD Cyber Chief
http://breakingdefense.com/2015/01/cybersecurity-now-key-requirement-for-all-weapons-dod-cio/

Electronic Waste Rules Could Help Thwart Flow of Counterfeit Parts
http://www.nationaldefensemagazine.org/archive/2015/February/Pages/ElectronicWasteRulesCouldHelpThwartFlowofCounterfeitParts.aspx

Stopping Hardware Trojans in Their Tracks
http://spectrum.ieee.org/semiconductors/design/stopping-hardware-trojans-in-their-tracks/?utm_source=techalert&utm_medium=email&utm_campaign=012215

Regulatory Environment Heats Up for Electronics Suppliers, Buyers
http://globalpurchasing.com/blog/regulatory-environment-heats-electronics-suppliers-buyers

The federal Defense Criminal Investigative Service and the U.S. attorney's office for the Western District of Virginia have launched a probe of a Yaphank electronics supplier, a DCIS spokeswoman said Thursday.

The spokeswoman for the DCIS, a unit of the Department of Defense Inspector General's office, declined to provide details about the investigation of 1-Source Electronic Components.

Efforts to reach 1-Source CEO Richard Lodato were unsuccessful.

On its website, 1-Source describes itself as a provider of "engineering, manufacturing, design and logistics support to customers." The 14-year-old company based in Yaphank has offices in China and Central America.

Source: Newsday
http://www.newsday.com/business/probe-launched-of-yaphank-electronics-supplier-1-source-1.9787644

On February 10, 2015, the US House of Representatives passed H.R. 810, "National Aeronautics and Space Administration Authorization Act of 2015”. The bill will be introduced into the Senate for consideration.

The bill provides funding for the National Aeronautics and Space Administration (NASA) for space exploration, research and development and operations. Of relevance is Section 711 which provides revised language to the FAR’s NASA Supplement addressing the detection and avoidance of counterfeit parts.

Section 711 states that contractors are responsible for:

• Detecting and avoiding suspect/counterfeit parts (includes products containing electronic parts)
• Rework costs and corrective action if suspect/counterfeit parts are supplied

Unless:

• the covered contractor has a reviewed and approved counterfeit parts detection and avoidance system
• the contractor provides timely notice defined in subparagraph (D) as 30 calendar days if they become aware, or have reason to suspect, that any end item, component, part, or material contained in supplies contains counterfeit electronic parts or suspect counterfeit electronic parts, or
• suspect/counterfeit parts were provided in accordance with Part 45 of the FAR.

Contractors and subcontractors “at all tiers” must obtain parts that:

• are in production or currently available in stock from the original manufacturers of the parts or their authorized dealers or from suppliers who obtain such parts exclusively from the original manufacturers of the parts or their authorized dealers, and
• are not in production or currently available in stock from suppliers that meet qualification requirements established pursuant to subparagraph (C) which allows the Administration to identify suppliers that have appropriate policies and procedures in place to detect and avoid counterfeit electronic parts and suspect counterfeit electronic parts

Subparagraph (D) however does permit contractors and subcontractors to identify and use additional suppliers beyond those identified pursuant to subparagraph (C) provided that -

• the standards and processes for identifying such suppliers comply with established industry standards;
• the contractor or subcontractor assumes responsibility for the authenticity of parts provided by such suppliers as provided in paragraph (2); and
• the selection of such suppliers is subject to review and audit by appropriate Administration officials.

Supporters of the bill include The Aerospace Industries Association, The Boeing Company, Exelis, Inc., The Planetary Science Institute, The Coalition for Space Exploration and The Planetary Society.

Read Section 711 of H.R. 810: http://www.erai.com/CustomUploads/Sec_711_HR_810.pdf

Read the entire bill: https://www.govtrack.us/congress/bills/114/hr810/text

Resources: http://www.gop.gov/bill/h-r-810-national-aeronautics-and-space-administration-authorization-act-of-2015/

	We Threw Military Electronics in the Trash – China Sold Them Back to Us Why you should read it: Learn how e-waste threatens the US Military and how more stringent waste and recycling policies can reduce the threat posed by counterfeit electronics and pollution and decrease conflicts in war-torn countries. ERAI Insight: While most of the industry is already aware of the impact that e-waste has had on the global electronics supply chain, the military has only recently started understanding the dangers posed by discarded electronics. Parts sent for “recycling” by consumers are winding up in China or Africa where they are mishandled and tampered with, blacktopped and resold back to the US as new parts. These counterfeit parts have been detected in Navy and Air Force aircraft and systems as well as in the THAAD missile defense system. Aside from reducing risk to US national security, the proper recycling of discarded electronic parts could also alleviate conflicts in war-torn African nations that produce the minerals (e.g. coltan, wolframite) necessary for the production of electronics. Along with enforcement of the Dodd-Frank Act, extended producer responsibility laws and disposal bans in civilian policy are required to reduce the counterfeiting of electronic parts. http://www.erai.com/CustomUploads/ca/wp/2015_3_War_Is_Boring.pdf
	Counterfeit Detection Strategies: When to Do It / How to Do It Why you should read it: Read a summary of the common sources of counterfeit parts, common detection methods and recommendations from DfR Solutions on risk mitigation. ERAI Insight: This paper provides a concise summary of the four main ways that counterfeit parts enter the supply chain as well as main detection methodologies. While many testing methods can be seen as expensive and unnecessary, a test approach can be determined by the application of the product. In tune with widely-accepted industry standards, DfR Solutions argues that risks posed by counterfeit parts should be assessed by each end-user as to the probability of a counterfeit encounter, volumes of parts being purchased and the overall mission risk. http://www.erai.com/CustomUploads/ca/wp/2015_2_Counterfeit_Detection_Strategies.pdf
	2015 Situation Report on Counterfeiting in the European Union Why you should read it: This report presents a summary of counterfeiting activity in the European Union and details the criminal networks that produce and distribute counterfeited goods, how the goods are transported and efforts being made by law enforcement. ERAI Insight: Although not limited to electronic parts, this summary report presents a comprehensive large-scale view on IP theft in the European Union. The report describes how counterfeits harm not just consumers and businesses but have now become a source of funding for organized crime groups due to higher profit margins and less risk compared to drug trafficking. The report also uncovered that while the majority of counterfeits originate outside of the EU, there is evidence of domestic EU production of counterfeits. Organized crime networks within the EU and abroad are working more closely together in a well-organized fashion to effectively use the Internet to sell counterfeit goods to European customers. http://www.erai.com/CustomUploads/Executive%20Summary%20EN.pdf