So it seems that the FCC in the United States has decided to ban pretty much every wireless router from being sold in the US. The FCC posted this PDF explaining the decision. But here’s the part that you need to care about:
The Executive Branch determination noted that foreign-produced routers (1) introduce “a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense” and (2) pose “a severe cybersecurity risk that could be leveraged to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons.”
And:
The National Security Determination states that “Production generally includes any major stage of the process through which the device is made, including manufacturing, assembly, design, and development.”
Since no router that I am aware of is built in the USr, it means that anything that you could purchase from Best Buy, or get from your ISP, or from companies like Cisco or Ubiquiti is effectively banned. So what does that mean? Well, from what I read it means the following:
- This ban applies to the importation and sale of routers.
- You can continue to use your existing router.
Now there is a lifeline of sorts for router companies. They can apply for an exemption by proving that their devices are safe. What that entails is a bit of a question mark at the moment. But I pretty much assume that router companies are rushing to take advantage of that. On top of that, router companies could get around this by building their gear in the United States. But that could take years to scale up and since labour in the US is more expensive than labour in Asia for example, prices are sure to go up.
So why is the US doing this? It’s likely a reaction to companies like TP-Link having what is perceived to be insecure gear that could be leveraged by threat actors of various descriptions to launch attacks. I mention TP-Link because most of the noise around this has centered around TP-Link being accused of working for Chinese intelligence. But the US is said to have said similar things about other router companies.
What should you do in regards to this issue? Well, if you are in the US and you were considering upgrading to a new router to get say WiFi 7 or better performance or more features, now might be a really good time to upgrade given that the US banned drones from DJI using a similar rationale. Thus supplies may run out quickly whether it’s from your local Best Buy, your ISP, of from companies like Cisco.
This will be very interesting to watch as I am going to guess that this whole scenario may not play out the way that the FCC wants it to.
UPDATE: I have some commentary on this. Starting with Jacob Krell, Senior Director: Secure AI Solutions & Cybersecurity, Suzu Labs had this to say:
“Supply chain compromise is becoming one of the most serious threat vectors for nation state and advanced intrusion activity targeting critical infrastructure. The FCC’s decision to add foreign manufactured consumer routers to its Covered List reflects a risk the security community has been warning about for years.
“As endpoint and product security have improved, adversaries have increasingly looked upstream toward manufacturing, firmware, and other supply chain dependencies where compromise can create durable access. The FCC’s citation of Volt Typhoon, Flax Typhoon, and Salt Typhoon is consistent with that concern. Network devices are especially attractive targets because they sit in the path of every packet entering and leaving an environment, and predeployment compromise can be exceptionally difficult to detect and remediate.
“This ruling applies only to new devices seeking FCC authorization, which shows policymakers are treating this as a structural, long-term risk rather than a one-off enforcement action. The market impact could be significant, given how much of the consumer router market is manufactured overseas. Public reporting has suggested that at least one newer Starlink Wi-Fi router is manufactured in Texas, but the broader reality is that domestic production capacity appears extremely limited.
“Security leaders should treat this as a procurement signal. If the federal government has concluded that foreign manufactured network hardware can present unacceptable supply chain risk, organizations should be reviewing whether their own vendor diligence, firmware assurance, and hardware sourcing practices reflect that same reality. Every router, switch, and access point in the environment came from a supply chain. Knowing where that hardware was manufactured, who wrote the firmware, and what visibility exists into that process is no longer a theoretical exercise. The geopolitical environment is making these questions urgent, and this ruling is unlikely to be the last of its kind.”
Damon Small, Board of Directors, Xcape, Inc. adds this:
“This is a massive expansion of U.S. tech protectionism, moving beyond specific Chinese entities like Huawei or ZTE to a blanket ban on all foreign-produced consumer routing hardware. By citing the weaponization of SOHO routers by groups like Volt Typhoon and Salt Typhoon, the FCC is treating the humble home router as a primary vector for national-scale pivot attacks against critical infrastructure.
“For security leaders, the immediate risk isn’t an overnight “dark start,” but a long-term supply chain squeeze; with over 60% of the market currently dominated by foreign manufacturing, procurement for remote-worker kits and branch offices is about to become significantly more expensive and limited to a handful of “trusted” (likely domestic) vendors.
“Defenders should audit their current fleet of remote-access hardware and prioritize vendors moving toward U.S.-based manufacturing or those actively seeking DHS “Conditional Approval.” While existing hardware is safe for now, expect insurance carriers and federal auditors to eventually move the goalposts from “legal to use” to “compliant to keep.”
“The FCC is finally treating home routers like the Trojan Horses they are, though I’m sure “Made in the USA” will magically add 40% to the MSRP and zero to the patch frequency.”
Like this:
Like Loading...
Related
This entry was posted on March 24, 2026 at 12:23 pm and is filed under Commentary with tags FCC. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
The FCC In The US Has Pretty Much Banned All Wireless Routers From Being Sold…. But It’s Kind Of Complicated….
So it seems that the FCC in the United States has decided to ban pretty much every wireless router from being sold in the US. The FCC posted this PDF explaining the decision. But here’s the part that you need to care about:
The Executive Branch determination noted that foreign-produced routers (1) introduce “a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense” and (2) pose “a severe cybersecurity risk that could be leveraged to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons.”
And:
The National Security Determination states that “Production generally includes any major stage of the process through which the device is made, including manufacturing, assembly, design, and development.”
Since no router that I am aware of is built in the USr, it means that anything that you could purchase from Best Buy, or get from your ISP, or from companies like Cisco or Ubiquiti is effectively banned. So what does that mean? Well, from what I read it means the following:
Now there is a lifeline of sorts for router companies. They can apply for an exemption by proving that their devices are safe. What that entails is a bit of a question mark at the moment. But I pretty much assume that router companies are rushing to take advantage of that. On top of that, router companies could get around this by building their gear in the United States. But that could take years to scale up and since labour in the US is more expensive than labour in Asia for example, prices are sure to go up.
So why is the US doing this? It’s likely a reaction to companies like TP-Link having what is perceived to be insecure gear that could be leveraged by threat actors of various descriptions to launch attacks. I mention TP-Link because most of the noise around this has centered around TP-Link being accused of working for Chinese intelligence. But the US is said to have said similar things about other router companies.
What should you do in regards to this issue? Well, if you are in the US and you were considering upgrading to a new router to get say WiFi 7 or better performance or more features, now might be a really good time to upgrade given that the US banned drones from DJI using a similar rationale. Thus supplies may run out quickly whether it’s from your local Best Buy, your ISP, of from companies like Cisco.
This will be very interesting to watch as I am going to guess that this whole scenario may not play out the way that the FCC wants it to.
UPDATE: I have some commentary on this. Starting with Jacob Krell, Senior Director: Secure AI Solutions & Cybersecurity, Suzu Labs had this to say:
“Supply chain compromise is becoming one of the most serious threat vectors for nation state and advanced intrusion activity targeting critical infrastructure. The FCC’s decision to add foreign manufactured consumer routers to its Covered List reflects a risk the security community has been warning about for years.
“As endpoint and product security have improved, adversaries have increasingly looked upstream toward manufacturing, firmware, and other supply chain dependencies where compromise can create durable access. The FCC’s citation of Volt Typhoon, Flax Typhoon, and Salt Typhoon is consistent with that concern. Network devices are especially attractive targets because they sit in the path of every packet entering and leaving an environment, and predeployment compromise can be exceptionally difficult to detect and remediate.
“This ruling applies only to new devices seeking FCC authorization, which shows policymakers are treating this as a structural, long-term risk rather than a one-off enforcement action. The market impact could be significant, given how much of the consumer router market is manufactured overseas. Public reporting has suggested that at least one newer Starlink Wi-Fi router is manufactured in Texas, but the broader reality is that domestic production capacity appears extremely limited.
“Security leaders should treat this as a procurement signal. If the federal government has concluded that foreign manufactured network hardware can present unacceptable supply chain risk, organizations should be reviewing whether their own vendor diligence, firmware assurance, and hardware sourcing practices reflect that same reality. Every router, switch, and access point in the environment came from a supply chain. Knowing where that hardware was manufactured, who wrote the firmware, and what visibility exists into that process is no longer a theoretical exercise. The geopolitical environment is making these questions urgent, and this ruling is unlikely to be the last of its kind.”
Damon Small, Board of Directors, Xcape, Inc. adds this:
“This is a massive expansion of U.S. tech protectionism, moving beyond specific Chinese entities like Huawei or ZTE to a blanket ban on all foreign-produced consumer routing hardware. By citing the weaponization of SOHO routers by groups like Volt Typhoon and Salt Typhoon, the FCC is treating the humble home router as a primary vector for national-scale pivot attacks against critical infrastructure.
“For security leaders, the immediate risk isn’t an overnight “dark start,” but a long-term supply chain squeeze; with over 60% of the market currently dominated by foreign manufacturing, procurement for remote-worker kits and branch offices is about to become significantly more expensive and limited to a handful of “trusted” (likely domestic) vendors.
“Defenders should audit their current fleet of remote-access hardware and prioritize vendors moving toward U.S.-based manufacturing or those actively seeking DHS “Conditional Approval.” While existing hardware is safe for now, expect insurance carriers and federal auditors to eventually move the goalposts from “legal to use” to “compliant to keep.”
“The FCC is finally treating home routers like the Trojan Horses they are, though I’m sure “Made in the USA” will magically add 40% to the MSRP and zero to the patch frequency.”
Share this:
Like this:
Related
This entry was posted on March 24, 2026 at 12:23 pm and is filed under Commentary with tags FCC. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.