ML18044B003

| Person / Time | |
|---|---|
| Issue date: | 03/14/2018 |
| From: | Pasquale D NRC/OI |
| To: | RICMST.Resource@nrc.gov |
U.S. NRC Office of Investigations
Counterfeit Parts in Critical Infrastructure, Past, Present, and Future
Daniel Pasquale, Senior Systems Engineer

Title 10 of the CFR, Part 1.36, Office of Investigations
- Conducts investigations of allegations of wrongdoing
- Maintains current awareness of inquiries and inspections by other NRC offices
- Makes appropriate referrals to the Department of Justice
- Liaises with other agencies and organizations to ensure the timely exchange of information of mutual interest
CFSI Past:
Notable counterfeit, fraudulent, suspect items (CFSI) events from the commercial nuclear industry:
- Pentas Controls (2010)
- Vision Tech (2010)
- MVP Micro Inc. (2010)
- Ladish Valves (2007)
- Square D Circuit Breakers (2007)
- Hunt Valves (2006)
- Crane Valves (1991)
- Fasteners (1988)
Generic Communications (CFSI):
[Chart; series: RIS, Bulletin, Generic Letters, IN; vertical axis 0 to 16]
Note: There were no Generic Letters issued in 2000, 2001, 2002, 2005, 2009, 2010, 2011, 2012, 2013, and 2014.
Recurring themes:
- Fraudulent test documents and certifications (substandard or improper materials, poor quality and/or workmanship)
- Misrepresenting refurbished equipment as original (new vs. used vs. never used vs. refurbished)
- Substitution of non-standard parts
- No clear traceability to the source
Present: SECY-11-0154 (2011)
An Agencywide Approach to Counterfeit, Fraudulent, and Suspect Items (CFSI),
19 (agency) actions to assess and enhance CFSI processes!
- Tech staff committed to screen CFSI information into the NRC's Operating Experience program and initiate a CFSI Technical Review Group (TRG) to assess, trend and process accordingly
- OI committed to promoting information sharing through interagency outreach efforts with appropriate Federal agencies
Post 9/11 Shift in Threat Resolution:
[Figure labels: Resources; Pre-9/11; Post-9/11; Identification, Response, Elimination]
CFSI Present:
IPR Center welcomes the Nuclear Regulatory Commission as its 21st partner agency (2012)
Liaises with other law enforcement agencies to:
- Ensure the timely exchange of information of mutual interest
- Participate in PROACTIVE investigative efforts
- Rapidly de-conflict information and evidence
CFSI Present:
Reputable organizations (falsification of records):
- Kobe Steel (2017)
- Creusot Forge (2015)
- KHNP (2012)
Nefarious organizations:
- Social activists
- Organized crime (money laundering/human trafficking)
- Terrorist cells
Cyber Supply Chain Risk
Cybersecurity Supply Chain Risk?
- "it is clear that an attack vector does exist from the supplier development environment" - EPRI 1026562 (2012)
- "The supply chain represents a significant risk to industrial control systems (ICS)." - DHS Industrial Control Systems Cyber ERT, FY2016 Annual Assessment Report
- "Threats to the supply chain are constantly growing in sophistication, number, and diversity. Intentional threats include counterfeit products and malicious software." - NISTIR 7622 (2012)
- "the challenge to supply chain management in a cyber-contested environment is significant." - Defense Science Board (DSB) Task Force Report (2013)
Emerging themes:
Favorable market conditions:
- obsolescence: Aging operating units
- advancing technology: Digital I&C
- global supply chain: 58 nuclear plants under construction worldwide
- diminishing suppliers (10 CFR 50, Appendix B): More CGDs
- access to sub-suppliers
- easily distributed via the internet
- new norms: high in-service failures
Favorable profit margins:
- high profit potential
- low capital and labor costs
- no research & development costs
- no advertising costs
- minimal legal expenses
Favorable criminal environment:
- lack of reporting
- little fear of prosecution
- low fines and sentences upon conviction
- unprecedented anonymity
- may involve alternate illicit activities
CFSI Future:
Critical Infrastructure Security and Resilience advances a national unity of effort to strengthen and maintain secure, functioning, and resilient critical infrastructure.
- DHS/ICE/HSI National IPR Center's Operation Chain Reaction (OCR): A comprehensive initiative that includes counterfeit goods entering the supply chains of critical infrastructure
- U.S. NRC: work with critical infrastructure owners and operators to take proactive steps to manage risk
Specific NRC Responsibilities under PPD 21
The NRC is to collaborate, to the extent possible, with DHS, DOJ, the Department of Energy, the Environmental Protection Agency, and other Federal departments and agencies, as appropriate, on strengthening critical infrastructure security and resilience.
CFSI Future:
Operation Chain Reactions (OCR)
Energy Infrastructure Initiative (EII)
Government entities/private industry/plant owners, operators/supply chain
Benefits of Membership:
- Significantly reduces supply chain risk: Supply chain visibility
- Promotes CFSI information sharing and de-confliction
- Expedites CFSI Alerts/Advisories: contain the spill
- Accesses more Operating Experience (OpE): emerging trends
- Avoids duplicative efforts: do more with less
- Centralized reporting for non-Part 21 CFSI: supports +CGDs
- Assists in protecting IP Rights of key suppliers
- Harder for the dishonest to re-invent themselves
In Summary:
"In all aspects of IPR crime enforcement, there is an identified and ongoing need for enhanced cooperation and education amongst all stakeholders and intermediaries to ensure that the fight against such criminality and its effects becomes more cohesive and well informed" - EUROPOL's 2017 Situation Report on Counterfeiting and Piracy in the European Union
Key Takeaways
- OI supports the staff's and law enforcement's recommendations for a more PROACTIVE and COLLABORATIVE approach to CFSI
- EII Phase I - IPR Center 2012 (> 5 yrs. of maturity)
- EII Phase II - supplier participation 01/2018
- EII Phase III - The data-net (2019)