On Monday, the Federal Communications Commission (FCC) essentially made it illegal to sell consumer grade routers that aren’t made in the U.S. unless they’ve already received FCC authorization. This policy update, “does not prohibit the import, sale, or use of any existing device models the FCC previously authorized,” an FCC fact sheet says.
Nonetheless, the move forces the manufacturing of routers to be moved to the U.S. rapidly, particularly since it’s not clear that any consumer routers are currently made in the U.S.
The FCC’s public notice about this new router ban quotes a very dire-sounding “National Security Determination” at the FCC that was apparently issued on Friday: “Recently, malicious state and non-state sponsored cyber attackers have increasingly leveraged the vulnerabilities in small and home office routers produced abroad to carry out direct attacks against American civilians in their homes.”
The National Security Determination goes on to say that router vulnerabilities have been exploited as part of a series of notorious attacks and hacks, including the 2024 action by the hacker group Salt Typhoon. It says the supply chain for routers must be secured so that Americans can make sure we’re not unwittingly providing backdoor access to U.S. telecommunications infrastructure.
This is a much bigger and more consequential ban than the one last year on foreign drones, a blow to Shenzhen, China-based consumer drone titan DJI. It’s also worth noting that a 2021 bill signed into law by President Joe Biden called the Secure Equipment Act banned the FCC from licensing electronics from companies deemed threats to national security, principally those based in China. The following year, the FCC banned telecom equipment—routers very much included—from China-based Huawei and ZTE.
As noted in the text of the FCC’s announcement, the FCC keeps a list of products and services that “pose an unacceptable risk to the national security of the United States or the security and safety of United States persons”—frequently called the “Covered List.”
The Covered List now includes the following item: “Routers produced in a foreign country, except routers which have been granted a Conditional Approval by DoW or DHS.”
Popular consumer routers from brands like TP-Link and Netgear, broadly speaking, are made in Taiwan, Thailand, and Vietnam, according to Wired. According to a CNBC story from last year, the Trump 1.0-era trade war against China shifted much of the electronics supply chain from China to Southeast Asia.
The FCC’s notice contains some details about how a company can obtain “Conditional Approval. It appears to involve disclosing your company’s management structure, and detailing your supply chain, and then—in what is probably the most onerous part to most companies—what your plan is for onshoring manufacturing to the U.S.
FCC Chief Brendan Carr’s statement on this action reads, “I welcome this Executive Branch national security determination, and I am pleased that the FCC has now added foreign-produced routers, which were found to pose an unacceptable national security risk, to the FCC’s Covered List.”
“Following President Trump’s leadership,” Carr adds, “the FCC will continue [to] do our part in making sure that U.S. cyberspace, critical infrastructure, and supply chains are safe and secure.”
Read the full article here
