-
- News
- Books
Featured Books
- design007 Magazine
Latest Issues
Current IssueRules of Thumb
This month, we delve into rules of thumb—which ones work, which ones should be avoided. Rules of thumb are everywhere, but there may be hundreds of rules of thumb for PCB design. How do we separate the wheat from the chaff, so to speak?
Partial HDI
Our expert contributors provide a complete, detailed view of partial HDI this month. Most experienced PCB designers can start using this approach right away, but you need to know these tips, tricks and techniques first.
Silicon to Systems: From Soup to Nuts
This month, we asked our expert contributors to weigh in on silicon to systems—what it means to PCB designers and design engineers, EDA companies, and the rest of the PCB supply chain... from soup to nuts.
- Articles
- Columns
Search Console
- Links
- Media kit
||| MENU - design007 Magazine
Estimated reading time: 5 minutes
Fresh PCB Concepts: Navigating Supply Chain Security and Traceability Through Standards
With increasing threats from multiple sources, the electronics industry has identified the need for protection with several levels of security concerns. This is reflected when you begin a new role, and you find yourself dealing with a number of protection practices during the onboarding process to secure your new employers’ intellectual property, the business, and even employees’ privacy and personal data. In addition to onboarding, larger organizations often require employees to adhere to new and updated protocols, undergo training, and adopt new work methodologies. These measures are implemented to address the growing risks posed by hackers, competitors, and foreign espionage activities.
The electronics industry plays a pivotal role in this landscape, serving as both the creator and manufacturer of devices that, when coupled with appropriate software and artificial intelligence, can inadvertently facilitate a wide array of unfriendly activities and threats. So, what do we do to protect ourselves?
In the electronic industry we have a wealth of standards to guide us into high reliability. These standards are developed for the entire production cycle from design to assembly. This also includes data protection, transfer of data, and dealing with data in production. A part of dealing with data is traceability, data protection, and to secure the supply chain toward interference from unfriendly external actors.
To help the industry protect itself, IPC has developed a series of standards to secure sufficient traceability in production and the supply chain, and cyber-related risk mitigation related to high-security products and industries exposed to foreign intelligence and potentially harmful cyberattacks. Regrettably, these standards are underutilized and often overlooked during industry discussions on companies' efforts to safeguard themselves. Have the task groups dedicated to developing these standards invested their time in vain, or is it simply a matter of the IPC failing to garner attention for these standards? I lack the definitive answer to this question, but I am inclined to investigate further to determine if these standards are relevant for both myself and the organization I represent.
Here are the standards:
IPC-1782B, Standard for Manufacturing and Supply Chain Traceability of Electronic Products
All larger companies working with high reliability have a need for traceability down to materials used, processes, and production lots. The main reason is to limit the damage to as few products as possible when a failure is detected. Depending on the nature of the failure, we can have a defect in one production panel, a production lot, or all panels made from one material delivery. From my experience, we do have this in place if we add a production lot number to the PCB traceability markings, and the factory has sufficient traceability in its production data system to find process and raw material lot data. At NCAB, we secure this by our corporate requirements to the PCB factory and requirements for production lot marking. In all factories we can find all related production data and raw material traceability.
I am also co-chair of D-33AA, the IPC task group responsible for IPC-6012XA, the automotive addendum to IPC-6012. We discussed the need to add IPC-1782B to this addendum, but we did not get a consensus since the automotive industry already had good traceability requirements in place through IATF16949 and Advanced Product Quality Planning requirements.
For me, this ends with no need for another traceability standard like IPC-1782B.
IPC-1791D, Trusted Electronic Designer, Fabricator and Assembler Requirements
This is a standard focusing on cybersecurity and the implementation of Cybersecurity Maturity Model Certification (CMMC). This standard is probably among the lesser-known standards developed by IPC. There are several reasons for this. First, IPC-1791D is dedicated to U.S. DoD-related products, where the DoD has a focus on protecting the U.S. defence industry toward cybersecurity in the supply chain and to help suppliers be in compliance with CMMC regulations. The standard shall give confidence in the integrity of delivered products, ensure quality, supply chain risk management (SCRM), security and chain of custody (ChoC), and a trusted source certification of non-U.S. printed board design, fabrication, and assembly. The idea is to certify companies to IPC-1791. Still, this certification does not include DoD facility clearance unless compelled by customer-specific requirements and pursued independently of this standard.
The whole standard becomes complicated, and it is difficult to understand the need and benefit as long as DoD provides waivers to meet CMMC by at least the end of 2025. But suppliers to the DoD, whether located within or outside the U.S., should not fail to have updated information as regularly provided by the DoD.
IPC-1792, Standard for the Management and Mitigation of Cybersecurity Incidents in the Manufacturing Industry Supply Chain
This is a standard for all of us. IPC-1792 leads the user to create a safe environment protected against cyber-attacks in production, exchange of data, shipment of raw materials, shipment of the product between supplier’s warehouse, and gate-to-gate, to secure that no one has the opportunity to swap boxes, exchange goods inside a box, or as easy as swap labels, and finally reaches the buyer in a secure way. The intent of this standard is to eliminate the opportunity for the manipulation of software and hardware throughout the end-to-end manufacturing process, ensuring that products are built as intended by the original designer.
At NCAB Group, we have trusted suppliers throughout the entire supply chain. Nothing is left to chance. But even reading this standard can make you feel uncomfortable. Is the world really that cruel? The answer depends on your product, your customer's products, and if your factory could be subject to manipulation by a competitor, your customer’s competitor, or another country’s willingness to manipulate with competition. The answer is yes, we are all in the same boat. Among these three standards, I find this one most interesting to read and discuss within my organization. Does that mean we will implement the standard? Probably not, but it is good reading as a guide for our overall risk assessment.
So, what is the takeaway from this article? The world is cruel enough that we need to take measures to secure our businesses in the supply chain, and against space attacks. Our products can have defects, causing a problem at the customer side, where traceability can reduce the cost of damage. There are standards available, and we should all evaluate what is needed for our own businesses.
Jan Pedersen is director of technology at NCAB Group.
More Columns from Fresh PCB Concepts
Fresh PCB Concepts: The Critical Nature of Copper Thickness on PCBsFresh PCB Concepts: The Journey of a PCB—A Tale of Sustainability and Circularity
Fresh PCB Concepts: The Vital Role of Front-end Engineers
Fresh PCB Concepts: Understanding Your Export-controlled PCBs
Fresh PCB Concepts: Fostering Loyal Relationships with PCB Design Engineers
Fresh PCB Concepts: Sustainable PCBs—Raw Materials and Compliance Methods
Fresh PCB Concepts: The Pros and Cons of Gerber, ODB++, IPC-2581
Fresh PCB Concepts: PCBs for Harsh and Extreme Environments, Part 2