The U.S. Federal Communications Commission (FCC) has now identified consumer internet system routers produced by foreign companies as a potential security risk and has added most router models to the Commission’s Covered List.
As detailed in a Public Notice, the FCC’s action follows a determination by an Executive Branch interagency body that such routers “pose unacceptable risks to the national security of the United States or the safety and security of United States persons.” Specifically, the interagency body determined that foreign-produced routers introduce supply chain vulnerabilities and pose serious cybersecurity threats.
The FCC reports that foreign-made internet routers were determined to be involved in recent cyberattacks that targeted vital U.S. infrastructure, including the Volt, Flax, and Salt Typhoon incidents.
The interagency determination provides an exemption for routers that have obtained “Conditional Approval” from either the U.S. Department of War (DoW) or the Department of Homeland Security (DHS).
The FCC’s Public Notice on the addition of consumer-grade routers to its Covered List is available at https://docs.fcc.gov/public/attachments/DA-26-278A1.pdf.