1

Counterfeit, Suspect, Fraudulent Item (CSFI)

Developing the NRC CSFI Response

CommunityDOE Conference Call

Nov. 11, 2009

Daniel Pasquale

Sr. Operations Engineer

Quality and Vendor BranchOffice of New Reactors

Daniel.Pasquale@nrc.gov

2

Generic Communication IN 2008-04

“Counterfeit Parts Supplied To Nuclear Power Plants”

The 3 characteristics of an effective procurement and dedication plan:

1) The involvement of engineering staff in the procurement and product acceptance process;

2) Effective source inspection, receipt inspection, and testing programs;

3) Thorough, engineering-based programs for review, testing, and dedication of commercial-grade products for suitability for use in safety-related applications.

3

Program StrategiesThe Defense

• Self Assess – and be critical

• Encourage a questioning attitude

• Perform thorough receipt inspections– Verify procurement requirements

• Provide CSFI training to QA/QC receipt inspectors

• Make Current CSFI information available

• Maintain a comprehensive CGD program

4

Program StrategiesThe Offense

• Self Assess – and be critical • Zero tolerance policy for counterfeiting• Supplier selection

– Know your suppliers (Upstanding) – Assess supplier’s return & scrap/disposal

policies• Precise procurement specifications based on

engineering input• IT protection of Intellectual Property• Community Watch programs

– Outreach efforts

5

Some Proactive Best Practices

• Protect Your Intellectual Property– Register patents & trademarks– Impose strong IP procurement clauses including specific CSFI

language– Question the supplier’s IP controls– Institute anti-fraud techniques

• Maintain Robust Procurement Controls– Perform vigilant receipt inspections that include CSFI

elements– Include a CSFI element for repair/returns receipt inspections – Control disposal of process scraps, rejects, un-repairable

returns etc– Trust but verify

• Know Your Suppliers – Use O.E.M. authorized distributors – Employ rigorous supplier selection processes – Maintain short supply chains

6

• Communicate and Maintain Relationships with the O.E.M – Seek O.E.M. assistance In detecting CSFI– Ensure that the O.E.M. also has a robust CSFI program

• Take Action– Report known or suspected Counterfeiting– Guard Intellectual Property– Take appropriate legal actions

• Stay Current– Monitor counterfeiting news– Participate in related industry committees – Share information

The NUPIC Vendor Interface Committee MeetingJune 17 & 18, 2009

Some Proactive Best Practices

7

1. Issuance of IN 2008-04, “Counterfeit Parts Supplied To Nuclear Power Plants” (April 7, 2008)

2. Developing the NRC’s CSFI community (June 4, 2009)

3. Continuing to enhance the NRC’s Vendor Inspection program

4. Working with NUPIC to enhance their audit process

5. Working with EPRI’s Technical Advisory Group (TAG) on CSFI

6. Cooperating with DHS’s Anti-Counterfeiting task forces

7. Improving communications and sharing information with the nuclear community

WHAT IS THE NRC DOING?

8

A community-based organization working together to combat CSFI activity:

– Take positive steps– Share current information of new trends in CSFI– Establish consistent programs for combating CSFI

activity– Awareness of & access to the various related

government agencies– Develop industry standards– Evaluate CSFI claims– Training for Inspectors, Purchasers and QA personnel

COMMUNITY WATCH PROGRAMS

9

• NRO, Quality & Vendor Branch-BWR• NRO, Quality & Vendor Branch-PWR• NRR, Vendor Branch – Operating Units• NMSS/SFST – Nuclear Fuel Storage• NMSS/FCSS – Nuclear Fuel Transport• OpE (Operational Experience)• ConE- (NRC-Construction Experience)• OI (Office of Investigations)• OAC (Office Allegations Coordinator)• OE (Office of Enforcement)• ADM/DC (Excluded Parties List)• NRC Regions

• IRS/IAEA (International Reporting System)• ConX- (NEA-Construction Experience)

DEVELOPING THE NRC’S CSFI COMMUNITY

Internal NRC Family – 1st Tier

10

The NRC’s CSFI Community

TIER 1 (Family) TIER 2 (Neighborhood) TIER 3 (Associates) TIER 4 (Global)

NRO/CQVB NEI DIA IAEA

NRR/EQVB INPO • GIDEP db • IRS db

NMSS /SFST EPRI US COC (CACP) US COC (GIPC)

NMSS/FCSS NUPIC US DOD (DCIS) US DOC (BIS)

NRC Event Reporting Program

NIAC US Navy Dept

(BMPCOE)

INTERNATIONAL NUCLEAR REGULATORS

• Part 21 db EEI US DHS (ICE) US TR (E&ES ITAC)

• OpE db US DOE US DHS (CBP) US TR (AE&CG ITAC)

• ConE db • S/CI db US CPSC db US PTO (FQA Markings)

• ConX db US DOC (ITA) US GAO (EPLS db) WTO

• Morning Reports db • STOPFAKES.gov db UL db WIPO

NRC OI NIST (FQA) NIST (MEP) APICS

US DOS (IPR TP) NAM

NEMA

IPRTP

ICC (CIB)

INTERPOL

11

♦ Department of Defense• Government Information Data Exchange Program (GIDEP) • Diminishing Sources and Material Shortages (DMSMS)• NASA• Aerospace Standard AS5553, “Counterfeit Electronic Parts; Avoidance,

Detection, Mitigation, and Disposition

♦ Department of Energy• Suspect/Counterfeit or Defective Items Program (S/CDI)• Occurrence Reporting and Processing of Operations Information (ORPS)

♦ Department of Commerce• International Trade Administration, Office of Energy and Environment• Manufacturing & Services• Bureau of Industry & Security, Office of Technology Evaluation

♦ Nuclear Procurement Issues Committee (NUPIC)• Commercial Nuclear Power Licensees & Suppliers

♦ Nuclear Energy Institute (NEI)

♦ Electric Power Research Institute (EPRI)

Outreach Efforts

12

• 10 CFR Part 21 Reports - NRC• OpE: Operating Experience – NRC• ConE: Construction Experience - NRC• OpEx: Operating Experience - INPO • EPIX: Equipment Performance & Information Exchange-INPO• GIDEP: Government Industry Data Exchange Program• SCI: Suspect & Counterfeit Items – DOE• EPLS: Excluded Parties List System - GAO• CPSC: Consumer Protection Safety Commission • TheTrueCosts.org: U.S. COC• STOPFAKES.gov: Joint Effort hosted by DOC

• IRS: Incident Reporting System – IAEA• ConX: Construction Experience - NEA

EXISTING DATA SOURCES

13

NOW IS THE TIME TO SHARE CSFI INFORMATION

“I have suggested before that this kind of information (defective, counterfeit, or mis-used components) should be collected by all regulators and shared across national borders. Today I will modify my view by saying that this is not merely a good idea, but perhaps even a necessary one.”

- NRC Commissioner and Former Chairman Dale E. Klein at the IAEA General Conference Senior Regulators Meeting, Vienna, Austria, October 3, 2008

14

SUMMARY

• The threat of CFSI is real – and growing

• Industry vulnerabilities are growing also

• Maintain a robust CSFI program– Refer to current NRC guidance– Protect your Intellectual Property (IP)– Incorporate Best Practices

• Build and maintain a solid CSFI community– Federal agencies– Industry communities– Supply chain

15

QUESTIONS

Daniel Pasquale

Sr. Operations Engineer

Quality and Vendor BranchOffice of New Reactors

Daniel.Pasquale@nrc.gov