The US bans foreign-made consumer routers. Here’s what you need to know
The order isn’t of immediate concern, but there could be long-term consequences, since routers used in the U.S. are primarily foreign-made, expert say
Sergey Bobylev / Sputnik via AP
The Federal Communications Commission’s recent ban on new foreign-made consumer routers may not have an immediate impact for consumers, but one Northeastern University cybersecurity expert said it could have long-term consequences.
Citing risk to national security as a top concern, the FCC issued the order late last month, referencing several high-profile cyberattacks, including Salt Typhoon, a Chinese-backed espionage campaign that targeted U.S. telecom providers.
“Malicious actors have exploited security gaps in foreign-made routers to attack American households, disrupt networks, enable espionage, and facilitate intellectual property theft,” the FCC wrote about the ban.
Northeastern Global News, in your inbox.
Sign up for NGN’s daily newsletter for news, discovery and analysis from around the world.
Aanjhan Ranganathan, a professor in the Khoury College of Computer Sciences, said the ban does not currently affect routers already in use or recall routers approved and on the market, but it could be quite disruptive since the majority of routers used in the United States are at least partially or entirely foreign-made.
“I don’t have any [router provider] whose products are made 100 percent in the U.S.,” he said.
One notable exception is the satellite service provider Starlink, which makes some of its routers in Texas, but it also relies on Asia for some components, according to media reports.
Routers are an essential component to connecting to the web, Ranganathan explained. While a modem is your direct connection to the internet, a router serves as a broadcaster that allows your devices to use that connection.
A vulnerable router could expose thousands, if not millions, of devices to be used for “denial of service attacks on specific targets,” he said.
George Yip, a professor of international business at Northeastern University and an expert in Chinese innovation, said the U.S. ban on the routers is in line with its stance on many Chinese technologies being used for spying.
“That’s probably the number one concern right now,” he said. “They also are [trying to] protect critical infrastructure. This new router ban is designed to keep Chinese technology out of the core of American home networks.”
Editor’s Picks
Yip imagines this new ban will help the United States reduce its supply chain dependence on China, as router makers rush to set up facilities in the U.S.
Ranganathan added that he isn’t surprised that the FCC decided to issue the ban, but the U.S. doesn’t yet have the facilities to completely sever its reliance on foreign companies.
The FCC has said that businesses can apply for “conditional approval” to temporarily bypass the ban, but there are still unanswered questions surrounding company audits and exemptions and how software updates to existing routers will be impacted in the long term, Ranganathan highlighted.
The FCC said that all routers already “authorized for use in the United States may continue to receive software and firmware updates that mitigate harm to US consumers at least until March 1, 2027.”
But then what happens to those routers after that? Those are types of technical questions that still need to be adequately answered.
“Building locally, using locally, and not relying on other nation states is pretty much the best thing you can do,” Ranganathan said. “But this [type of] planning might not be the best move before you set up the infrastructure.”
