The U.S. Federal Communications Commission (FCC) is moving to block new foreign-made internet routers from entering the U.S. market, citing mounting concerns that overseas supply chains could expose American networks to cyber threats inside their own homes.
The move expands the agency’s “covered list,” which bars equipment deemed to pose an unacceptable risk to national security and will effectively prevent new foreign-manufactured routers from being authorized for sale in the U.S.
The order means new routers must be built in the United States or clear a national security review that scrutinizes ownership, supply chains and software control to be sold domestically.
“Effectively, the FCC would ban all new routers, because there are no domestic routers that meet that standard today,” Matt Wyckhouse, founder and CEO of cybersecurity firm Finite State, told Fox News Digital Wednesday. “There’s no one who can clear the bar right now.”
LAWSUIT CLAIMS SECURITY CAMERAS SOLD IN THE US CARRIED UNDISCLOSED SURVEILLANCE RISKS
The list includes communications equipment and services considered “to pose an unacceptable risk to the national security of the United States or the safety and security of United States persons,” the FCC said.
The agency warned that “malicious actors have exploited security gaps in foreign-made routers to attack American households, disrupt networks, enable espionage, and facilitate intellectual property theft,” citing multiple cases in which such devices were used in cyberattacks targeting U.S. infrastructure.
The rule applies broadly to devices produced outside the country but largely targets routers with Chinese origins. The world’s networking hardware supply is largely dependent on China for manufacturing and engineering.
Estimates in recent years indicate that devices with significant Chinese supply chain ties account for the majority of home routers used in the U.S.
TP-Link, a China-founded router manufacturer and one of the top-selling brands on Amazon, has faced growing scrutiny in Washington amid cyber incidents and broader concerns about foreign-linked networking equipment.
“Because nearly every manufacturer in this sector produces hardware abroad or relies on a global supply chain, this new requirement will set a bar for the entire industry,” a TP-Link spokesperson told Fox News Digital, calling the rule a “positive step” toward making the router industry more secure. “TP-Link has been committed to making further investments in America and has already been planning to establish U.S.-based manufacturing to complement our existing company-owned facilities in Vietnam.”
GOOGLE DISMANTLES 9M-DEVICE ANDROID HIJACK NETWORK
A review of router manufacturing and supply chains by Fox News Digital indicates that nearly all major router brands sold in the United States depend extensively on Chinese manufacturing, engineering talent or components, even when marketed as American or allied products.
Companies that have shifted production to countries like Vietnam often still rely on Chinese-owned manufacturers and engineering teams, meaning the supply chain footprint remains largely unchanged.
Core elements of router development — including firmware and hardware design — are frequently supported by engineering teams based in China, raising concerns about vulnerabilities within widely used networking equipment.
“The country where a device is manufactured does not necessarily determine the security of that product,” said Wyckhouse. “There’s a pretty large global supply chain involved — from chipsets to software to final assembly.”
FCC ANNOUNCES BAN ON NEW CHINESE-MADE DRONES OVER NATIONAL SECURITY CONCERNS
Those risks have already surfaced in real-world cyber operations.
In 2023, the Justice Department disrupted a network of hundreds of compromised U.S. home and small-business routers that had been hijacked by Chinese state-backed hackers known as “Volt Typhoon.” The infected devices were used to conceal the origin of cyberattacks targeting critical infrastructure, allowing malicious traffic to appear as if it came from inside the U.S.
By routing activity through compromised devices, hackers can make attacks harder to trace and maintain access inside targeted networks.
A single router often connects dozens of devices inside a home or small business, including phones, laptops, security cameras, smart TVs and baby monitors. A compromised device can give attackers visibility into network traffic and provide a foothold to move across connected systems or launch additional attacks.
U.S. officials say the broader campaign targeted sectors including energy, water, telecommunications and transportation, part of an effort to establish access that could be used to disrupt systems during a future conflict.
The FCC’s move is the latest step in a broader push in Washington to reduce reliance on foreign — and particularly China-linked — technology across critical sectors, including telecommunications equipment, semiconductors and consumer applications.
Supporters of the policy say it addresses long-standing supply chain risks and reduces the chances of foreign adversaries gaining access to U.S. networks. But the rule could strain supply chains and push up prices, given that most routers sold in the U.S. are manufactured overseas.
Wyckhouse said there are no domestic suppliers for all products involved in router manufacturing.
“This will definitely increase prices,” he said. “Companies will have to invest in U.S. manufacturing or retool existing operations, and that’s a major cost shift.”
The policy does not apply to routers already legally purchased or currently in use. Companies can continue selling routers that are already in the U.S. and previously approved, but once that inventory runs out, new foreign-made models would be effectively blocked unless they pass a national security review.
The rule does not mean routers already in American homes are known to be compromised. But cybersecurity officials have long warned that outdated or unpatched devices can be vulnerable, and in some cases have been used as part of larger botnet networks that support cyberattacks.
“The primary problem with routers is not where they’re made, it’s that consumers don’t update them,” said Wyckhouse. “It’s far more important to choose a router that updates automatically than one marketed as a U.S. product.”
The Chinese Embassy and relevant router companies could not immediately be reached for comment.