The United States has implemented a ban on the sale and import of new foreign-made consumer internet routers, citing significant national security and cybersecurity concerns. The Federal Communications Commission (FCC) updated its “covered list” to include all consumer-grade routers produced outside the U.S., aligning them with previously banned foreign-made drones. This move aims to mitigate risks of espionage, data theft, and infrastructure disruption stemming from vulnerabilities in these devices.
Key Takeaways
- Ban on New Devices: The FCC has prohibited the marketing and sale of new consumer-grade router models manufactured outside the United States.
- Existing Routers Unaffected: Consumers can continue to use routers they already own, and previously authorized models can still be sold.
- Security Concerns: The ban addresses vulnerabilities exploited by malicious actors for espionage, network disruption, and intellectual property theft, with specific mention of cyberattacks like Volt, Flax, and Salt Typhoon.
- Manufacturing Shift Encouraged: Companies seeking to sell new foreign-made routers in the U.S. may need to apply for conditional approval, potentially requiring plans to move manufacturing to the U.S.
- Broad Impact: The decision affects a wide range of popular router brands, as most are assembled or manufactured overseas, even if designed in the U.S.
National Security Imperative
The FCC’s decision stems from a determination that foreign-made routers pose “unacceptable risks” to U.S. national security. The commission highlighted that these devices have been exploited to facilitate cyberattacks targeting critical American infrastructure, including communications, energy, transportation, and water systems. The ban is intended to ensure trusted supply chains and prevent foreign actors from gaining potential backdoors into American homes, businesses, and infrastructure.
Addressing Cybersecurity Vulnerabilities
Concerns have been mounting over the past year regarding the security of consumer routers, which are often seen as easy entry points for malicious actors. The FCC noted that cyberattacks, including those suspected to be state-sponsored by China, have leveraged vulnerabilities in foreign-produced routers. This has led to disruptions, espionage, and intellectual property theft, prompting the government to take decisive action.
Implications for the Industry
The ban is expected to have a significant impact on the router market, as the vast majority of consumer routers are manufactured outside the U.S., often in countries like China and Taiwan. While U.S.-based companies like Netgear manufacture their products abroad, they are also subject to the new regulations for new models. Companies may need to seek exemptions or adjust their manufacturing strategies to comply with the new rules, potentially encouraging a shift towards domestic production.
Exemptions and Future Considerations
While the ban targets new foreign-made router models, existing devices are not affected. Companies can apply for “conditional approval” to continue selling new products, which may involve demonstrating a commitment to establishing or expanding manufacturing within the United States. Certain routers might also be exempted if deemed acceptable by the Department of Defense or the Department of Homeland Security, though no specific exemptions have been granted yet.
Via TechRadar
