FCC Prohibits New Foreign-Made Routers to Enhance National Security
In a decisive move to bolster national security, the U.S. Federal Communications Commission (FCC) has announced a ban on the importation and sale of new consumer-grade routers manufactured in foreign countries. This action, effective immediately, aims to mitigate potential cyber threats and safeguard the nation’s critical infrastructure.
Background and Rationale
Routers serve as the backbone of modern communication networks, facilitating data transmission across homes, businesses, and government entities. However, the proliferation of foreign-made routers has raised significant security concerns. The FCC’s decision stems from a comprehensive assessment by Executive Branch Agencies, which identified these devices as potential vectors for cyberattacks, espionage, and intellectual property theft.
The Executive Branch determination highlighted that foreign-produced routers:
1. Introduce supply chain vulnerabilities that could disrupt the U.S. economy, critical infrastructure, and national defense.
2. Pose severe cybersecurity risks that could be exploited to disrupt critical infrastructure and harm U.S. citizens.
Implications for Consumers and Manufacturers
The ban specifically targets new models of foreign-manufactured routers. Consumers can continue using existing devices, and retailers are permitted to sell previously approved models. However, manufacturers of foreign-made routers must now obtain Conditional Approval from the Department of War (DoW) or the Department of Homeland Security (DHS) to market new products in the U.S.
As of now, the approved list includes drone systems and software-defined radios (SDRs) from companies such as SiFly Aviation, Mobilicom, ScoutDI, and Verge Aero. Notably, Starlink Wi-Fi routers are exempt from this policy, as they are manufactured domestically in Texas.
Security Concerns and Threat Landscape
The FCC’s decision is informed by a series of cyber incidents involving foreign-made routers. State-sponsored threat actors have exploited vulnerabilities in these devices to infiltrate American networks, disrupt services, and conduct espionage. Notable examples include:
– Volt Typhoon, Flax Typhoon, and Salt Typhoon: These China-linked adversaries have utilized botnets comprising compromised routers to target U.S. communications, energy, transportation, and water infrastructure.
– CovertNetwork-1658 (aka Quad7): This botnet has been employed to execute evasive password spray attacks, attributed to a Chinese threat actor known as Storm-0940.
The National Security Determination (NSD) emphasized that unsecure, foreign-produced routers are prime targets for attackers. These devices have been instrumental in recent cyberattacks, enabling hackers to gain unauthorized access to networks and compromise critical infrastructure.
Broader Context and Precedents
This ban aligns with the U.S. government’s ongoing efforts to secure supply chains and protect national security. In December 2025, the FCC expanded its Covered List to include foreign-made drones and critical components, citing similar concerns over espionage and data exfiltration. The addition of routers to this list underscores the administration’s commitment to mitigating risks associated with foreign-manufactured technology.
Industry and International Reactions
The FCC’s decision has elicited varied responses from industry stakeholders and international partners. Manufacturers of foreign-made routers may face challenges in obtaining Conditional Approvals, potentially leading to supply chain disruptions and increased costs. Consumers might experience limited options and higher prices as the market adjusts to these new regulations.
Internationally, some countries have expressed concerns over the broad application of national security measures to commercial products. Critics argue that such bans could escalate trade tensions and hinder global technological collaboration.
Conclusion
The FCC’s prohibition on new foreign-made routers marks a significant step in the United States’ strategy to fortify its cybersecurity posture. By addressing potential vulnerabilities in critical communication infrastructure, this measure aims to protect the nation’s economy, defense systems, and citizens from emerging cyber threats.
