The US Federal Communications Commission (FCC) has added all consumer-grade routers manufactured abroad to its Covered List, labeling them as an “unacceptable risk” to national security and the safety of US citizens. Consequently, these devices now require special authorization before they can be sold in the United States.
The FCC clarified that these new restrictions apply only to new router models, not to devices currently owned by consumers or those already approved and on the market.
This move aligns with a broader national strategy focused on bolstering domestic supply chains for critical goods, a policy emphasizing economic self-reliance for national defense.
Routers are particularly vulnerable given their potential for cyberattacks. The FCC’s concern stems from instances like TP-Link routers reportedly being hijacked by state-sponsored hackers and ongoing calls for bans on certain foreign-made networking hardware.
An inter-agency expert report supporting the FCC’s decision highlights the critical role of routers in the US economy and defense. It warns that reliance on foreign manufacturing for these devices is no longer sustainable, as compromised routers can lead to extensive network surveillance, data theft, botnet attacks, and unauthorized access to government and business networks, posing “additional and unacceptable risks to Americans.”
This report is corroborated by a joint assessment from CISA, the NSA, and the FBI, which indicates that cyber actors sponsored by the People’s Republic of China (PRC) are actively trying to infiltrate US IT networks. Their objective is to position themselves for potential disruptive or destructive cyberattacks against critical US infrastructure in the event of a major crisis or conflict.
These concerns about supply chain vulnerabilities are not new in cybersecurity circles, with organizations like OWASP frequently citing “software supply chain failures” as a leading web application security risk. The added layer of potential interference from foreign state agencies only underscores the need for proactive security measures.
Despite the new restrictions, the FCC acknowledges that the ban on foreign routers isn’t absolute. A pathway for approval exists.
To ease this transition, foreign router manufacturers are encouraged to seek “Conditional Approvals.” If granted, these approvals would allow them to continue obtaining FCC authorization for their products while they work to address the US government’s national security concerns.
In essence, the new policy doesn’t mean existing foreign routers will vanish. Instead, it signifies a more stringent approach by the US government to ensure that all networking devices entering the country are secure and do not pose a national security threat.