I once interviewed a candidate who had previously worked for the DoD as an engineer that validated components. I was blown away by how far they went to ensure the components they received were genuine and 100% matched the specs in their contract.
Yeah I did 6 months on a goods in line. We measured every single part and did full sampled testing. This was on defence grade parts as well from big vendors. They were rebagged, kept in stores ready for use so there were no surprises.
Why is the defence industry so much more intense when it comes to checking parts? Is it mostly because it may be years or decades between purchase and usage?
Money, time, and perceived/realised risk of failure (to both the end user, and the supplier). Any time you have enough of those, the scrutiny will increase.
If you're making a chicken feeder IoT device, the amount of marginal QA cost you can tolerate is low (in fact, you're probably tempted to use the counterfeits...) and the only adverse outcome is a slightly hungry chicken. Medical devices have a much higher risk, but not as much money or time as military (a bottomless pit of both), so the QA level is higher there, but probably not as much as defence.
Some good answers here, but at the end of the day it's this:
If the components don't work in a military situation, people might very well die. Sometimes a lot of people.
A counterfeit microprocessor in a dollar store Furby clone probably isn't going to kill anyone if it fails. The same microprocessor in a surface-to-air missile? Well...
Whether or not the thing keeps soldiers alive is actually pretty far down the list of reasons to control the supply chain (see, for instance, the various reviews of the M249, or the specific small-p political decisions around the M16 design. I've heard first hand accounts of Afghan National Army/Police answering calls while the US Army operated cell phone jammers a few feet away). The main thing is consistency.
If you can depend on depend on your machine gun to jam if you fire it for more than 3 seconds, then you just don't fire it for that long. But if you have no way of knowing how many rounds you'll get out of it (if any) before it jams, you'll just stop using the thing.
Further, a lot of the procurement rules devolve down to "is this supply chain a strategic weak point?" We don't buy our HMMWV tires from Russia not out of quality concerns, but to deny them that weapon. So the testing is done to verify provenance, rather than quality.
> If the components don't work in a military situation, people might very well die. Sometimes a lot of people.
Sure, but if the components do work, people might very well die. Sometimes a lot of people. Probably different people.
Military (and aviation) want uniform, reliable parts and to be able to do post mortem investigation of failures where they lessons learned can be applied to the installed base and future production.
You can't do that very well when you don't even know who made your ICs to ask them what happened during production or to improve their processes.
In the best case, the threat of using them is enough to get the job done. But for the threat to be genuine, they have to work reliably. This is definitely the case for nuclear and other "strategic" weapons.
Because you could defeat your enemy if you sabotaged their components! Say you were selling op-amps or oscillators you knew were going to be used in warfare. You could burn in an "easter egg" where they shut down if they received a particular RF pulse (or drifted wildly if they didn't receive some covert 'keep working' message). It would be a disaster.
Partly that. Also they tend to push parts farther - temperature range, probably also radiation hardness, maybe some other things. When you need a part with a milspec temperature range, you really want to get a part with that range, not a part with a smaller range with a forged label.
A lot of the environment stuff is more about actually testing that the part can take that.
A civilian part might be very close (or the exact same part with a different model number) and even better in some cases but as it was never tested you don’t know.
Exactly this. In my day job, I program industrial equipment that operates in very unfriendly environments (lots of heat, vibration, humidity, etc.) We pay extra for parts that are certified to be able to take the abuse.
Many of the parts aren't really any different than what you'd find inside consumer goods. They cost more because they've been tested and certified.
>Why is the defence industry so much more intense when it comes to checking parts?
mil-spec parts need to meet specific standards, and since there are equivalent parts that don't have to meet these standards, the possibility and incentive for mislabelling parts is quite high.
Welcome to the world of supply chain poisoning. Go deep enough and you uncover local stores near defense companies and military bases which are targeted to contain modified inventory in the off chance someone buys it from said ___location. You might have some unused phone home chips in your coffee machine and not even know it.
I've heard some similarly wild shit on the other side - the market for illicit product designs.
There are these boutique one-man contracting shops, which are closed most of the time in places like Shanghai and Shenzhen. They are contracted to do R&D for manufacturers, and deliver on firmware, product design, software, etc. but again are one-man shops which are closed much of the time.
I am told this is how the pipeline of information works between state sponsored cyber attacks on big tech companies, and their Chinese competitors.
Talking about Defense contractors, I've heard stories from govvies I know about asian dudes following them around the DC area, constantly catching them looking over their shoulders at coffee shops.
> There are these boutique one-man contracting shops, which are closed most of the time in places like Shanghai and Shenzhen.
That's not just a China thing, nor is it suspicious all by itself. I made a good living in the US doing exactly the same thing for years.
The specific shops you're talking about may have been nefarious (I don't know), but the mere existence of private contractors is not inherently suspicious. They're pretty common.
These one man shops deliver to Chinese firms (Like Huawei) hardware designs, firmware source and also other misc. software. All in one go, on contract under the auspice of "outsourcing R&D". Wayyyy too much for one person to deliver on, especially for a small office which is mostly closed.
I am not sure if I am mixing up anecdotes, but my source has mentioned that the materials provided often contain the same firmware bugs as a similar competitor's product does.
What educational background and/or practical experience route would someone have to get into the field? Is this a “requires electrical||mechanical engineering degree” role or can it be learned via apprenticeship?
Maybe you can't say, but is it safe to assume it's fairly easy to "fingerprint" apart? Or, do the counterfeits "get it right" enough where deep functional testing is required?
