The FCC issued a ban on March 23 on all consumer-grade routers made in foreign countries. A router is the device in your home that connects your ISP broadband to the WiFi that almost everybody uses to connect devices in the home. Businesses use routers to direct ISP broadband around the business on fiber or copper networks. The ban covers all new brands and models of routers except those that have been granted a Conditional Approval by the Department of Defense or the Department of Homeland Security.

The ban comes after the White House convened an interagency group comprised of government security experts, which collectively decided that new routers made overseas “pose unacceptable risks to national security of the United States and the safety and security of United States persons”. There have been previous technology bans for security reasons, such as a ban on using software from Kaspersky Lab, and telecommunications services provided by China Telecom and China Mobile International USA. It’s worth noting that the FCC cannot decide to ban any equipment or service and can only do so if directed by national security agencies.

The ban noted that malicious actors have exploited security gaps in foreign-made routers to attack households, disrupt networks, engage in espionage, and steal intellectual property. The notice says that foreign-made routers were involved in cyberattacks from Volt, Flax, and Salt Typhoon.

The ban does not stop consumers from using existing routers. It doesn’t stop retailers from selling existing stocks of routers or from continuing to buy routers that previously have been approved by the FCC’s equipment authorization process. All that is blocked is any new models or generations of routers.

Router manufacturers can petition the DoD or DHS for conditional approval, which would allow them to apply to the FCC for equipment authorization for new routers. There are no manufacturers today that have this conditional approval.

It’s hard to know where this ban will lead, but this could become a big concern for ISPs, since most ISPs provide a WiFi router for new customers. Many cable companies and fiber builders build the router into the modem. Any ISP currently using an FCC-unapproved router is in trouble because, under this ban, they can’t give an unauthorized router to a new customer. Every ISP should be checking this week to make sure the routers they are providing have been blessed by the FCC.

This has longer-term implications since virtually all routers are made overseas, including those made by American companies like TP-Link, which manufactures its routers in Vietnam. Manufacturers routinely upgrade and improve routers every few years, and American ISPs will be stuck with older routers if the government doesn’t approve any new brands or models of routers.

One unspoken intent of the order is probably to promote the manufacture of routers in the U.S. I have to wonder if an American-made router would be any less susceptible to hacking than a foreign-made one. If not, I’m not sure what this ban will accomplish, other than making it more expensive to get routers. It will be interesting to see if any router companies move manufacturing to the U.S. due to this ruling. A more likely outcome might be that American consumers won’t be able to get some of the newest routers that are available to the rest of the world.