Key Findings

• FCC bans all new foreign-made consumer routers from U.S. market effective immediately unless granted Conditional Approval by DoD or DHS

• Foreign routers pose unacceptable supply chain vulnerabilities and severe cybersecurity risks to critical infrastructure and American citizens

• Chinese state-sponsored actors including Volt Typhoon, Flax Typhoon, and Salt Typhoon have exploited compromised foreign routers to target U.S. critical infrastructure

• Ban applies only to new models; existing routers and previously approved devices can continue to be sold and used

• U.S.-manufactured routers like Starlink models are exempt from the ban

• Manufacturers can apply for Conditional Approval if they can demonstrate their devices pose no security threat

Background

The FCC updated its Covered List under the Secure and Trusted Communications Networks Act to add all consumer-grade routers manufactured outside the United States. This action followed a determination by a White House-convened Executive Branch interagency body that foreign-produced routers pose unacceptable risks to national security. The decision represents a significant shift in how the U.S. government approaches internet connectivity hardware at the consumer level.

Supply Chain Vulnerability Concerns

Executive Branch agencies determined that foreign-manufactured routers introduce critical supply chain vulnerabilities that could disrupt the U.S. economy, critical infrastructure, and national defense. By controlling router production and distribution, foreign adversaries potentially gain leverage points to compromise American networks at scale. The risk extends beyond individual households to threaten the foundational communications systems that support everything from banking to power grids to emergency services.

Cybersecurity Threats and Exploitation History

Foreign-made routers have demonstrated a pattern of exploitation by both state and non-state threat actors. These devices have been weaponized for password spraying attacks, unauthorized network access, espionage operations, and intellectual property theft. Routers serve as ideal targets because they function as the primary gateway for internet access and can be compromised without user awareness.

Chinese threat actors have been particularly active in leveraging router botnets. The botnet known as CovertNetwork-1658, attributed to Chinese group Storm-0940, has orchestrated highly evasive password spray attacks. More significantly, state-sponsored campaigns like Salt Typhoon have used compromised foreign routers to gain initial access to networks, then pivoted to compromise critical U.S. communications, energy, transportation, and water infrastructure.

Implementation Details and Exceptions

The ban prevents new foreign-made router models from being authorized, marketed, or sold in the U.S. However, the policy contains important limitations. Routers already purchased by consumers can continue to be used without restriction. Retailers can still sell inventory of previously FCC-approved models. U.S.-manufactured routers remain unaffected, with Starlink Wi-Fi routers explicitly noted as exempt since they are produced in Texas.

Router manufacturers retain the option to submit applications for Conditional Approval through DoD or DHS. Currently, only a limited number of products have received approval, primarily drone systems and software-defined radios from companies including SiFly Aviation, Mobilicom, ScoutDI, and Verge Aero.

Strategic Context

The decision reflects broader U.S. government strategy to reduce dependence on foreign components for essential technologies. It acknowledges the historical precedent of hardware-level vulnerability exploitation, referencing how the NSA has previously intercepted routers during export to implant backdoors. By controlling which routers reach the American market, the government aims to establish a trusted baseline for network security at the consumer level rather than rely on detection and response to compromises after they occur.

Sources

• https://thehackernews.com/2026/03/fcc-bans-new-foreign-made-routers-over.html

• https://securityaffairs.com/189959/security/fcc-targets-foreign-router-imports-amid-rising-cybersecurity-concerns.html

• https://apnews.com/article/fcc-foreign-router-ban-national-security-technology-7e5333aeaf82496ce6350f57699db5ba

• https://www.bbc.com/news/articles/c74787w149zo

• https://www.consumerreports.org/electronics-computers/wireless-routers/foreign-made-routers-fcc-ban-a1057564057/