The United States government has moved to ban new foreign-made consumer internet routers over potential national security concerns. In an update to a list of equipment seen as not secure enough for use, the Federal Communications Commission (FCC) added all consumer-grade routers made outside the U.S.
It puts routers – which are used widely in homes and businesses to connect computers, phones, TVs and other devices to the internet – on a par with foreign-made drones, which were banned at the end of last year.
“Malicious actors have exploited security gaps in foreign-made routers to attack American households, disrupt networks, enable espionage, and facilitate intellectual property theft”, the FCC said. While people will still be able to use foreign-made routers they already own, the ban applies to all “new device models.”
The ban stems from growing concern over the last year that routers were a point of easy-access for malicious actors. TP-Link, a router brand made in China that is a best-seller on Amazon, became the subject of some U.S. political anxiety last year after a spate of cyberattacks.
Any new router made outside the U.S. will now need to be approved by the FCC before it can be imported, marketed, or sold in the country.
In order to get that approval, companies manufacturing routers outside the U.S. must apply for conditional approval in a process that will require the disclosure of the firm’s foreign investors or influence, as well as a plan to bring the manufacturing of the routers to the U.S.
Certain routers may be exempted from the list if they are deemed acceptable by the Department of Defense or the Department of Homeland Security, the FCC said. Neither agency has yet added any specific routers to its list of equipment exceptions.
The FCC’s move follows a decision on Friday by government agencies working on national security that internet routers made overseas “posed unacceptable risks” to the U.S.
Those risks include potentially far-reaching impacts to the American supply chain, and the possibility of a cybersecurity attack that could disrupt infrastructure or cause harm to people, according to a summary of the decision.
The FCC noted that malicious access to routers was involved in three cyberattacks – referred to as Volt, Flax, and Salt Typhoon – aimed at U.S. infrastructure between 2024 and 2025.
U.S. government investigations into those attacks blamed actors within, or working on behalf of, the Chinese government.
The vast majority of Internet routers are assembled or manufactured outside of the U.S., often in Taiwan or China.
The FCC ban applies even if a router is designed in the U.S., but built abroad. Popular brands of router in the U.S. include Netgear, a U.S company, which manufactures all of its products abroad.
One exception to the general absence of US-made routers is the newer Starlink WiFi router. Starlink is part of Elon Musk’s company SpaceX. The company says the Starlink routers are made in Texas.
Source: BBC News
Image Credit: Stock Image
