US FCC Blocks Import of New Foreign Routers Over National Security Threats
The US Federal Communications Commission (FCC) has expanded the Covered List to include all consumer routers manufactured abroad. This decision automatically blocks approvals for new models on the US market. Devices already certified by the FCC before the list was updated are exempt.
The decision is based on assessments from relevant agencies: foreign routers pose unacceptable risks to national security. The main threats include vulnerabilities in supply chains, cyberattacks, and damage to critical infrastructure that relies on mass-market networking devices.
Real-World Threats from Foreign Routers
The FCC has documented actual incidents of vulnerabilities in these devices being exploited. Attackers have targeted households, disrupted networks, conducted espionage, and stolen intellectual property.
Specific examples of foreign routers being used:
- Volt Typhoon: attacks on US critical infrastructure.
- Flax Typhoon: campaigns against network segments.
- Salt Typhoon: targeted operations on key facilities.
These threats highlight the role of consumer routers as entry points into broader networks. Vulnerabilities enable persistent access, data exfiltration, and use of devices in botnets.
Market and Manufacturer Impacts
Adding this category to the Covered List strips the FCC of authority to approve new imported routers. Manufacturers cannot legally sell uncertified models in the US. Existing approved devices remain on sale without restrictions—users don't need to rush to replace their equipment.
- For consumers: no ban on using current routers.
- For imports: blockade on new models with no exceptions.
- For supply chains: need to localize production or find alternatives.
Conditional Approval Process
Manufacturers can apply for exemptions via the conditional approval mechanism. They must prove there are no unacceptable security risks. Final decisions are made by national security agencies—the Department of Defense and the Department of Homeland Security.
This process doesn't guarantee success: reviews focus on supply chains, firmware vulnerabilities, and potential for state-sponsored attacks. Developers are advised to adopt hardened-by-design approaches, including secure boot and runtime integrity checks.
Key Takeaways
- The FCC has expanded the Covered List to cover all new foreign consumer routers, blocking their certification.
- Threats include Volt Typhoon, Flax Typhoon, and Salt Typhoon cyberattacks on critical infrastructure.
- Existing approved devices are unaffected; no replacement needed.
- Conditional approval is possible but depends on the DoD and DHS.
- The decision ramps up supply chain requirements for networking gear.
The Covered List update reflects a global trend toward stricter oversight of telecom equipment. For IT professionals, it's a call to audit network peripherals and minimize risks from legacy foreign-made devices.
— Editorial Team
No comments yet.