Last month, the Federal Communications Commission updated its Summary List, adding “consumer-grade routers manufactured in other countries.” The move came as the Executive Branch determined that foreign-made routers are “at risk of supply damage that could damage the US economy, critical infrastructure and national security,” but also presented a “significant cyber security risk that could be posed to immediately and dramatically damage US infrastructure and directly harm US people.”
In addition, President Donald Trump’s 2025 National Defense Strategy stated: “The United States should not be dependent on any foreign power for basic components – from raw materials to parts to finished products – that are necessary for national security or the economy.”
A problem that has been ignored for years
This is an issue that cybersecurity experts have warned has been overlooked, or at least ignored, for years. The fact is that most consumer routers sold in the US are made overseas, with estimates showing that about 60% of the market is produced in China, which makes the ruling have a significant impact on the entire industry.
The ban applies to new devices that require FCC approval, meaning pre-approved products and existing routers are not affected.
“Supply chain compromise is becoming one of the biggest threats for countries and advanced operations that have led to critical incidents.” The FCC’s decision to add foreign-made routers to its covered list reflects a risk that the security community has been warning about for years,” explained Jacob Krell, senior director of Secure AI Solutions & Cybersecurity at Suzu.
In an email to ClearanceJobs, Krell added that as product durability and security improve, adversaries are increasingly looking to industry, firmware, and other supply chain dependencies where compromises can cause lasting access.
“The FCC’s classification of Volt Typhoon, Flax Typhoon and Salt Typhoon is consistent with that,” Krell added. “Network devices are very attractive targets because they sit in the path of every packet entering and leaving the environment, and early compromise can be difficult to detect and repair.”
However, the risks to consumers alone can be overstated.
Most Americans don’t have private networks on their networks, instead using devices to stream video content to a tablet or smartphone. The most “compromising” information may be a person’s browsing history.
“This is a major increase in the protection of US technology, which goes beyond certain Chinese companies such as Huawei or ZTE to a general ban on all equipment produced abroad,” suggested Damon Small, board of directors at Xcape, Inc.
“By citing the weaponization of SOHO routers in groups like Volt Typhoon and Salt Hurricane, the FCC treats the humble home router as a primary vector for national pivot attacks against critical infrastructure,” Small also told ClearanceJobs.
Unintended Consequences
Since the FCC’s announcement, there have been reports that foreign-made routers will only receive software updates until March 1, 2027, which could set an expiration date for many people’s Internet security.
The Technology Policy Institute even issued a warning last week: “The ban poses a risk that its protest should address.”
CNET also reports that it will be difficult to recommend the Wi-Fi router to retailers, as it is unclear which products will receive the upgrade. FCC clarification is almost mandatory.
“Effectively, the FCC would ban all new routers, because there are no home routers that meet those standards today. No one can clear the bar now,” said Matt Wyckhouse, founder and CEO of cybersecurity provider Finite State.
This issue is compounded by the global supply chain. Even US-made routers are full of parts from all over the world, so is one assembled in the USA really “made in America?” It is a serious issue that the FCC ban does not address.
“The country of manufacture does not necessarily determine the safety of that product,” Wyckhouse told ClearnaceJobs. “There is a huge global supply chain involved – from chipsets to software to final assembly. There are no domestic suppliers for all the products involved in the manufacture of routers.”
Political or Security Issue?
Some cybersecurity experts suggest that this is more of a political issue than cybersecurity.
“The goal is to economically destroy foreign router manufacturers and protect domestic ones like Cisco,” said Paul Bischoff, a consumer privacy spokesman for Comparitech.
Bischoff told ClearanceJobs that the reasons given for blocking routers are all based on theory and have little evidence to stand up, and he added, “The hurricane of salt, for example, did not happen because of routers in other countries but because of the removal of the television system.
Foreign-made routers still offer security, or at least they will until next year. The fact is that many consumers and even business users do not bother to install updates for their Wi-Fi routers, even though they know that such devices can be updated.
“The biggest issue is the failure of users to implement patches/updates provided by OEMs and the continued use of devices that have reached the end of life,” explained Eric Greenwald, general counsel Finite State.
“Many threat actors using routers as an attack vector rely on known vulnerabilities for which patches have long been issued,” Greenwald wrote in an email. “Aggressors don’t need to rely on supply-side attacks to compromise routers because the environment is full of devices that kids play to control.”
Expect routers to increase in price
The short-term impact of the FCC’s announcement is that there will be fewer options, and the rules of supply and demand will come into play sooner. Currently, more than 60% of the market is controlled by foreign manufacturers.
For business, the next year should be spent replacing legacy equipment.
“Defenders should evaluate their current fleet of remote access devices and prioritize vendors that are going to US-based industries or are actively seeking DHS’ Accreditation,” Small said. “While existing devices are safe for now, expect insurance carriers and government inspectors to eventually move the paperwork from ‘legal to use’ to ‘compliant and safe.’
This will be a new cost for consumers and businesses.
“This will increase prices,” added Wyckhouse. “Companies will have to invest in US manufacturing or renew existing jobs, and that’s a big cost shift.”
Time will tell if it adds a layer of cybersecurity to the process.
“Finally the FCC is treating home routers like the Trojan Horses they are,” Small continued. “Although I’m sure ‘Made in the USA’ will add 40% to the MSRP and zero to the patch frequency.”
#Fireproof #routers #FCC #rule #shake #home #network