FCC Bans New Routers Made Outside the US Over National Security Risks
FCC bans new consumer routers made outside US citing national security risks.
Summary
The FCC has added all foreign-made consumer-grade routers to its Covered List, prohibiting their import and sale in the US based on a White House determination that offshore router production poses unacceptable national security and cybersecurity risks. The ban cites state-sponsored attacks by groups like Flax Typhoon, Salt Typhoon, and Volt Typhoon targeting US critical infrastructure, and concerns about potential backdoors in routers dominating the American market. Existing devices already in use are unaffected, and certain models may receive exemptions if approved by the Department of War or Department of Homeland Security.
Full text
The Federal Communications Commission (FCC) this week added all consumer-grade routers produced in foreign countries to its Covered List, banning their use in the US. The decision was based on a White House-convened Executive Branch interagency body’s determination (PDF) that all routers made abroad pose a threat to national security. “Compromised routers can enable in-depth network surveillance, data exfiltration, botnet attacks, and unauthorized access to US government or American businesses’ networks. The United States must have secure and trusted routers,” the determination reads. According to the document, because most of the routers used in American homes today are produced outside of the US, this market domination “creates unacceptable economic, national security, and cybersecurity risks.” The determination also mentions attacks by state-sponsored groups such as Flax Typhoon, Salt Typhoon, and Volt Typhoon, which targeted critical communications, energy, transportation, and water infrastructure in the US. “Routers in the United States must have trusted supply chains so we are not providing foreign actors with potential built-in backdoors to American homes, businesses, critical infrastructure, and emergency services,” the assessment reads.Advertisement. Scroll to continue reading. Based on this determination and on President Trump’s 2025 National Security Strategy, the FCC updated its Covered List with all routers made abroad, pointing out that devices that are currently in use within Americans’ houses are not impacted. “New devices on the Covered List, such as foreign-made consumer-grade routers, are prohibited from receiving FCC authorization and are therefore prohibited from being imported for use or sale in the U.S. This update to the Covered List does not prohibit the import, sale, or use of any existing device models the FCC previously authorized,” the FCC announced (PDF). Furthermore, certain router models may be exempt from the ban if they are specifically approved by the Department of War (DoW) or the Department of Homeland Security (DHS). Per the determination, the DoW or the DHS should notify the FCC that the respective router models have received Conditional Approval (PDF) and do not pose unacceptable risks to national security, and they will continue to receive FCC equipment authorizations. Supply chain vulnerabilities that could disrupt the US critical infrastructure, economy, and national defense, and severe cybersecurity risks leading to critical infrastructure disruptions or direct harm to US persons are considered unacceptable threats. Related: DoE Publishes 5-Year Energy Security Plan Related: Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy Sector Related: Iran Built a Vast Camera Network to Control Dissent. Israel Turned It Into a Targeting Tool Related: 3 Men Charged With Conspiring to Smuggle US Artificial Intelligence to China Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire Extortion Group Claims It Hacked AstraZenecaChrome 146 Update Patches High-Severity Vulnerabilities3.1 Million Impacted by QualDerm Data BreachCritical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms WarnMazda Says Employee, Partner Information Stolen in CyberattackChip Services Firm Trio-Tech Says Subsidiary Hit by Ransomware Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain AttackQNAP Patches Four Vulnerabilities Exploited at Pwn2Own Latest News RSAC 2026 Conference Announcements Summary (Day 2)From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPIUS Prisons Russian Access Broker for Aiding Ransomware AttacksHackerOne Employee Data Exposed in Massive Navia BreachDoE Publishes 5-Year Energy Security PlanWhy Agentic AI Systems Need Better Governance – Lessons from OpenClawPoland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy SectorRSAC 2026 Conference Announcements Summary (Day 1) Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Securing Fragile OT in an Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the MoveThe US Senate confirmed Markwayne Mullin as DHS Secretary.7AI has appointed Israel Barak as its first Chief Information Security Officer.Brian Harrell has been appointed Chief Security Officer at FirstEnergy.More People On The MoveExpert Insights Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) The Human IOC: Why Security Professionals Struggle with Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How to 10x Your Vulnerability Management Program in the Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose a Critical Flaw in Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat as Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) Flipboard Reddit Whatsapp Whatsapp Email