FCC Bans Foreign Routers - Addressing Cybersecurity Concerns

What Happened

On March 23, 2026, the FCC updated its Covered List, banning all new routers made in foreign countries from being sold in the U.S. This decision was based on concerns over "security gaps" in these devices, which have been linked to various cyberattacks. The FCC justified this move by referencing high-profile attacks attributed to Chinese advanced persistent threat actors like Volt, Flax, and Salt Typhoon.

Why It Matters

The intention behind this ban is to prevent foreign-made routers from being used in cyberattacks that target U.S. infrastructure. However, this sweeping action could inadvertently affect many harmless products and limit consumer options. The ban does not differentiate between manufacturers with poor security records and those that produce reliable devices.

Impact on Consumers

While the ban aims to protect consumers, it may not effectively address the real vulnerabilities. Many IoT and smart home devices, which are often the real culprits in cyberattacks, will remain unaffected. This broad approach could lead to a situation where consumers have fewer choices, particularly in the U.S. market, where some manufacturers may not have a great security reputation.

What Should Be Done

Instead of a blanket ban, a more nuanced approach is needed. The FCC should focus on identifying and banning specific models and manufacturers known for producing vulnerable devices. This would encourage better security practices among manufacturers and provide consumers with safer options.

Future Considerations

As the FCC's decision unfolds, it may lead to unintended consequences. Larger companies may benefit from the ban by shifting production to the U.S., while smaller firms could struggle to adapt. Ultimately, consumers deserve assurance that the devices they use are secure, regardless of where they are made. A careful evaluation of products, similar to the proposed U.S. Cyber Trust Mark, could provide a better solution than broad bans.