The Federal Communications Commission has implemented a sweeping ban on the sale of new foreign-made routers in the United States to mitigate national security risks from cyberattacks.

Key Points

• The FCC updated its Covered List on March 23 to restrict new foreign-produced routers unless granted an exception by the Department of Defense or DHS.
• The policy aims to prevent foreign actors, such as Volt, Flax, and Salt Typhoon, from commandeering residential routers for cyberattacks and proxy botnets.
• The ban excludes U.S.-manufactured equipment, such as devices produced by Starlink in Texas.
• Critics argue the policy is overly broad because it fails to address vulnerabilities in IoT and smart home devices that are frequently used in cybercrime.
• The mandate does not distinguish between manufacturers with poor security records and those with established reputations for secure production.

Why it Matters

This policy shift significantly alters the U.S. networking hardware market by forcing manufacturers to either localize production or seek federal exemptions to remain competitive. While intended to bolster national security, the broad approach may limit consumer choice and fail to address the underlying security flaws in the broader ecosystem of connected devices.