ML18044B003
| ML18044B003 | |
| Person / Time | |
|---|---|
| Issue date: | 03/14/2018 |
| From: | Pasquale D NRC/OI |
| To: | |
| RICMST.Resource@nrc.gov | |
| References | |
| Download: ML18044B003 (15) | |
Text
U.S. NRC Office of Investigations Counterfeit Parts in Critical Infrastructure, Past, Present, and Future Daniel Pasquale, Senior Systems Engineer
U.S. NRC Office of Investigations Conducts investigations of allegations of wrongdoing Maintains current awareness of inquiries and inspections by other NRC offices Makes appropriate referrals to the Department of Justice Liaise with other agencies and organizations to ensure the timely exchange of information of mutual interest Title 10 of the CFR, Part 1.36, Office of Investigations
Notable counterfeit, fraudulent, suspect items (CFSI) events from the commercial nuclear industry Pentas Controls (2010)
Vison Tech (2010)
MVP Micro Inc. (2010)
Laddish Valves (2007)
Square D Circuit Breakers (2007)
Hunt Valves (2006)
Crane Valves (1991)
Fasteners (1988)
CFSI Past:
Generic Communications (CFSI):
0 2
4 6
8 10 12 14 16 RIS Bulletin Generic Letters IN Note: There were no Generic Letters issued in 2000, 2001, 2002, 2005, 2009, 2010, 2011, 2012, 2013, and 2014.
Recurring themes:
- Fraudulent test documents and certifications (substandard or improper materials, poor quality and/or workmanship)
- Misrepresenting refurbished equipment as original (new vs, used, vs. never used, vs. refurbished)
- substitution of non-standard parts
- No clear traceability to the source
Present: SECY-11-0154 (2011)
An Agencywide Approach to Counterfeit, Fraudulent, and Suspect Items (CFSI),
- OI committed to promoting information sharing through interagency outreach efforts with appropriate Federal agencies
- Tech staff committed to screen CFSI information into the NRCs Operating Experience program and initiate a CFSI Technical Review Group (TRG) to assess, trend and process accordingly 19 (agency) actions to assess and enhance CFSI processes!
Post 9/11 Shift in Threat Resolution:
Resources Pre-9/11 Post-9/11 Identification
Response
Elimination
Liaises with other law enforcement agencies to:
IPR Center welcomes the Nuclear Regulatory Commission as its 21st partner agency (2012)
- ensure the timely exchange of information of mutual interest
- Participate in PROACTIVE investigative efforts
- Rapidly de-conflict information and evidence CFSI Present:
CFSI Present:
Reputable Organizations (falsification of records)
Kobe Steel (2017)
Cruesot Forge (2015)
KHNP (2012)
Nefarious organizations Social activists Organized Crime (money laundering/human trafficking)
Terrorist cells Cyber Supply Chain Risk
Cybersecurity Supply Chain Risk?
the challenge to supply chain management in a cyber-contested environment is significant. -Defense Science Board (DSB) Task Force Report, (2013) it is clear that an attack vector does exist from the supplier development environment - EPRI 1026562, (2012)
The supply chain represents a significant risk to industrial control systems (ICS). - DHS Industrial Control Systems Cyber ERT, FY2016 Annual Assessment Report Threats to the supply chain are constantly growing in sophistication, number, and diversity. Intentional threats include counterfeit products and malicious software.- NISTIR 7622, (2012)
Favorable criminal environment:
lack of reporting little fear of prosecution low fines and sentences upon conviction unprecedented anonymity may involve alternate illicit activities Favorable profit margins:
high profit potential low capital and labor costs access to sub-suppliers easily distributed via the internet no research & development costs no advertising costs minimal legal expenses Favorable market conditions:
obsolescence Aging operating units advancing technology Digital I&C global supply chain 58 nuclear plants under construction worldwide diminishing suppliers (10 CFR 50, Appendix B) More CGDs new norms high in-service failures Emerging themes:
Critical Infrastructure Security and Resilience advances a national unity of effort to strengthen and maintain secure, functioning, and resilient critical Infrastructure.
CFSI Future:
DHS/ICE/HSI National IPR Centers Operation Chain Reaction (OCR) A comprehensive initiative that includes counterfeit goods entering the supply chains of critical infrastructure U.S. NRC work with critical infrastructure owners and operators to take proactive steps to manage risk
Specific NRC Responsibilities under PPD 21 The NRC is to collaborate, to the extent possible, with DHS, DOJ, the Department of Energy, the Environmental Protection Agency, and other Federal departments and agencies, as appropriate, on strengthening critical infrastructure security and resilience
Benefits of Membership:
- Avoids duplicative efforts do more with less
- Promotes CFSI information sharing and de-confliction
- Centralized reporting for non-Part 21 CFSI supports +CGDs
- Assists in protecting IP Rights of key suppliers
- Significantly reduces supply chain risk Supply chain visibility Operation Chain Reactions (OCR)
Energy Infrastructure Initiative (EII)
- Harder for the dishonest to re-invent themselves
- Accesses more Operating Experience (OpE) emerging trends
Government entities/private industry/plant owners, operators/supply chain
In Summary:
In all aspects of IPR crime enforcement, there is an identified and ongoing need for enhanced cooperation and education amongst all stakeholders and intermediaries to ensure that the fight against such criminality and its effects becomes more cohesive and well informed -
EUROPOLs 2017 Situation Report on Counterfeiting and Piracy in the European Union Key Takeaways OI supports the staffs and law enforcements recommendations for a more PROACTIVE and COLLABORATIVE approach to CFSI EII Phase I - IPR Center 2012 (> 5 yrs. of maturity)
EII Phase II - supplier participation 01/2018 EII Phase III -The data-net (2019)