The US has banned new foreign-made consumer internet routers over national security concerns. In an update on Monday to a list of equipment seen as not secure enough for use, the Federal Communications Commission (FCC) added all consumer-grade routers made outside the US. It puts routers - which are used widely in homes and businesses to connect computers, phones, TVs, and other devices to the internet - on par with foreign-made drones, which were banned at the end of last year. Malicious actors have exploited security gaps in foreign-made routers to attack American households, disrupt networks, enable espionage, and facilitate intellectual property theft, the FCC stated.
While people will still be able to use foreign-made routers they already own, the ban applies to all new device models. The ban reflects growing concerns over the last year that routers were a point of easy access for malicious actors. Notably, TP-Link, a router brand made in China that is popular on Amazon, raised alarm last year following a series of cyberattacks.
All new routers made outside the US will now need FCC approval before being imported, marketed, or sold domestically. Manufacturers must apply for conditional approval, including disclosing any foreign investors or influences involved, as well as plans to move production to the US.
Certain routers may be exempted if they receive clearance from the Department of Defense or the Department of Homeland Security, although no specific router models have been added to this exemption list yet. The FCC's recent decision follows findings that internet routers made overseas posed unacceptable risks to the US, including the potential for cybersecurity attacks that could disrupt infrastructure or endanger public safety.
The FCC noted that malicious access to routers was involved in three cyberattacks targeting US infrastructure in recent years, with investigations indicating blame on actors connected to the Chinese government. Notably, the vast majority of internet routers are manufactured outside the US, predominantly in Taiwan and China. This ban affects even those routers designed in the US if they are built abroad, with popular brands such as Netgear also impacted. An exception exists, however, for the newer Starlink WiFi router, produced in Texas by Elon Musk's company SpaceX.
While people will still be able to use foreign-made routers they already own, the ban applies to all new device models. The ban reflects growing concerns over the last year that routers were a point of easy access for malicious actors. Notably, TP-Link, a router brand made in China that is popular on Amazon, raised alarm last year following a series of cyberattacks.
All new routers made outside the US will now need FCC approval before being imported, marketed, or sold domestically. Manufacturers must apply for conditional approval, including disclosing any foreign investors or influences involved, as well as plans to move production to the US.
Certain routers may be exempted if they receive clearance from the Department of Defense or the Department of Homeland Security, although no specific router models have been added to this exemption list yet. The FCC's recent decision follows findings that internet routers made overseas posed unacceptable risks to the US, including the potential for cybersecurity attacks that could disrupt infrastructure or endanger public safety.
The FCC noted that malicious access to routers was involved in three cyberattacks targeting US infrastructure in recent years, with investigations indicating blame on actors connected to the Chinese government. Notably, the vast majority of internet routers are manufactured outside the US, predominantly in Taiwan and China. This ban affects even those routers designed in the US if they are built abroad, with popular brands such as Netgear also impacted. An exception exists, however, for the newer Starlink WiFi router, produced in Texas by Elon Musk's company SpaceX.
