Minnesota-based Verify Brand through their VB Enterprise platform helps defense contractors and original equipment manufacturers (OEM) secure and identify counterfeit electronics and infrastructure that can be embedded with malicious software (malware). The U.S Department of Defense has proposed a change in U.S compliance laws that will hold contractors responsible for the detection and avoidance of counterfeit electronics. The proposed rule change would require defense contractors to pay for any corrective actions if counterfeit parts are found or suspected. The Verify Brand platform, VB Enterprise, is a turnkey solution for any contractor or OEMs needs, says Mark Prokosch, Vice President of Verify Brand in an interview with Defenseworld.net. The platform is designed to provide complete proof of secure chain of custody for products and ensures each item is authenticated upon government receipt.
DW : Can you elaborate on the security measures you provide to the DoD in terms of serialization, traceability and authentication of high-value military electronics?
Mark Prokosch: As military networks, equipment and communications all become increasingly connected, they’ve become a high-value target for cyberattacks. Those attacks could seek to steal sensitive military data, monitor communications or harm infrastructure. One of the methods for conducting these attacks is through insertion of counterfeit electronics – which can be embedded with malicious software (malware) – into legitimate but unsecured product supply chains. These counterfeit electronics are then accepted by the military or government and connected to their networks, where the malware begins its destruction. Malware attacks also can occur through the divergence of electronics from the legitimate supply chain into what are known as gray markets, where they are at risk for tampering and malware infections. In other cases, older genuine components are inserted since they contain security vulnerabilities, these components would be obscured as being current parts. We can help defense contractors and original equipment manufacturers (OEM) secure their electronics by providing complete proof of secure chain of custody for their products and ensuring each item is authenticated upon government receipt.
DW : Can you give us an overview of the DoD’s compliance rules? How do they affect you?
Mark Prokosch: The DoD recently proposed a rule change that would hold contractors responsible for the detection and avoidance of counterfeit electronics. Given the breadth of contractors, sub-contractors and suppliers supporting government contracts – and the amount of time it would take to physically test and validate every piece of software and hardware – a supply-chain management solution with digital authentication is an ideal option. The proposed rule change would require defense contractors to pay for any corrective actions if counterfeit parts are found or suspected. Currently, those costs can be covered through a government contract if the contractor meets certain requirements, such as using a DoD-compliant operational system for detecting, deterring and reporting counterfeit parts.
DW : How does your company make C4ISR equipment traceable? What makes it so unique?
Mark Prokosch: Serialization and authentication begins at the manufacturing stage, where C4ISR products, components or parts are “marked” with a unique identifier (UID). The UID, such as a randomized alphanumeric code, is then stored on a database registry. As the parts and components make their way along the supply chain, they can be monitored and authenticated at each point, including their delivery to the government customer. The Verify Brand platform, VB Enterprise, is a turnkey solution that is robust and scalable to any contractor or OEM’s needs. Suspect parts can be rapidly identified, quarantined and traced back to their suppliers, as well as electronically reported out to partners or government databases.
DW : How do you test and validate products for suspicious components?
Mark Prokosch: We can help a government contractor or OEM ensure that their electronics are authentic by confirming that the UID on each part or component matches with a corresponding UID in a stored registry. Our solution also ensures that the number of parts, location of parts and product hierarchies (packaging relationships) match the anticipated values. Our VB Enterprise platform is flexible, so this communication can be done via the Web or Web services (i.e. without human intervention). Authentications can also be done through the full range of mobile devices. Any electronics that don’t match the corresponding UID in the registry can be quarantined and then physically tested by the government contractor or OEM.
DW : Can you elaborate on the chain-of-custody proof to verify the authenticity of C4 equipment?
Mark Prokosch: It’s important that products be authenticated upon delivery to the customer to ensure they’re receiving the legitimate and unaltered product that they ordered. But, it’s also important that the defense contractor or OEM has end-to-end visibility into its supply chain – from point of production to government delivery – so it can identify any issue as it happens, rather than after they happen. This enables contractors and OEMs to immediately address the issue and identify any potential security concerns, whether those concerns are within their own operations or elsewhere – such as suppliers, manufacturing and distribution centers, logistics carriers, etc.
DW : How do defense contractors, OEMs and subcontractors use the VB Enterprise platform to support the entire process of creating and registering standard-compliant UID codes?
Mark Prokosch: Rather than a one-size-fits-all approach, we can work with each contractor or OEM to develop a strategy that meets their specific needs while also meeting specific government regulations. The VB Enterprise platform can be easily deployed as a turnkey solution once that strategy has been set. We use a cloud-based software architecture for data hosting and management, which helps us minimize upfront work and increase the ease of integration into a company’s existing IT solutions and workflows. The VB Enterprise platform can provide real-time updates, reports and alerts as it traces UIDs throughout the supply chain – anytime and anywhere. Reports also can be delivered via email, helping to ensure any discrepancies are identified, logged in an audit trail and resolved before products reach the end user. We already work with a Fortune 50 computer manufacturer that supplies to the U.S. federal government and defense entities. Our project is a major driver in securing this company’s supply chain, by providing capabilities to track, monitor and authenticate items across all segments of its supply chain. This extends from upstream suppliers to product assembly and also across distributors, until the products are delivered to customers. In addition to achieving greater supply chain security, this manufacturer also has used our services to realize operational efficiencies and logistical improvements. That’s one of the untold stories of serialization – the cost savings that can be realized when you have greater visibility into both your operations and those of your vendors and suppliers. This can help identify opportunities for improved operational efficiencies and make advancements in logistical operations, all with the end goal of reducing costs. Given the current fiscal environment and ongoing squeeze from sequestration in the U.S., such improvements can help companies improve their bottom line and be more competitive when bidding for contracts.
DW : What are its benefits?
Mark Prokosch: The most immediate and important benefit is the enhanced security of defense supply chains. As mentioned before, more stringent DoD rules are looming for the defense industry to secure their supply chains. If industry doesn’t act, they risk falling behind the regulations and missing out on contracts to competitors who better understand how to put a security-conscious government customer’s mind at ease. Even if defense contractors and OEMs aren’t putting additional supply chain security solutions in place now, they should at least be reaching out to solutions providers that can help them understand approaches to meeting the regulations and the impact those options could have on their operations. Solutions providers like Verify Brand diligently follow a wide range of supply chain security regulations. They’re our specialty, and we can serve in an advisory role to keep industry informed on the regulations, particularly with regard to the more granular technical details.