The Router as National Security Infrastructure
Most of us plug in our Wi‑Fi routers without a second thought. They sit on bookshelves and under desks, quietly connecting laptops, gaming consoles, TVs, smart doorbells and thermostats. For years they have been treated like any other commodity gadget: a cheap box that offers internet access and usually gets replaced only when it breaks. In March 2026, that complacency ended. The U.S. Federal Communications Commission (FCC) and other federal agencies declared that consumer‑grade routers are no longer just household electronics but critical infrastructure that foreign adversaries can exploit. US regulators are increasingly treating home networking gear as critical infrastructure, a shift reflected in the expansion of the FCC Covered List of communications equipment that designates products posing national security risks.
Table of Contents
The US ban on foreign‑made consumer routers

On March 23 2026 the FCC announced a sweeping order that bans the import of new consumer routers manufactured outside the United States. China controls roughly 60 percent of the U.S. home‑router market, and the order is part of a broader crackdown on Chinese‑made hardware. The ban stems from a White House‑convened review that concluded imported routers pose “a severe cybersecurity risk” that could be leveraged to disrupt critical infrastructure. Malicious actors have used vulnerabilities in small‑office and home routers produced abroad to attack households, disrupt networks, spy on users and steal intellectual property. Such devices were directly implicated in the Volt, Flax and Salt Typhoon cyberattacks on communications, energy, transportation and water systems.
Many of these vulnerabilities stem from weak implementation of foundational protections, including data confidentiality and device authentication, challenges explored in our deeper analysis of how encryption protects digital infrastructure.
The prohibition applies to any new “consumer‑grade router,” a category defined by the National Institute of Standards and Technology as routers designed for residential use that can be installed by customers. Existing routers are unaffected. Households can continue to use devices they already own, and retailers may still sell models that were approved under previous FCC policies. Updates for routers placed on the FCC’s Covered List will continue through March 1 2027. But adding all foreign‑made consumer routers to the Covered List means the FCC will no longer authorize the radio frequencies of new models. Unless manufacturers shift production or secure a waiver, no new foreign‑made routers will be sold in the U.S. after existing inventories run out.
The FCC’s order includes an exemption for routers deemed safe by the Defense Department, but in practice the bar is high. Companies can apply for “conditional approval” by presenting plans to shift manufacturing to the U.S. or other trusted locations. Under the White House’s 2025 national security strategy, the United States must never be dependent on any outside power for core components “necessary to the nation’s defense or economy”. The router ban is a tangible expression of that policy. New devices must either be built domestically or satisfy rigorous supply‑chain vetting.
Routers at the center of cyber conflict

Routers sit between our devices and the wider internet, making them attractive footholds for attackers. While cloud servers and smartphones tend to receive regular updates, many routers are rarely patched after purchase. State‑sponsored hackers have turned this lax security into a weapon. In the Volt Typhoon campaign discovered by U.S. and Five Eyes intelligence agencies in 2025, Chinese hackers infiltrated home and small‑office routers to establish a “persistent presence” across American critical‑infrastructure networks. The Flax and Salt Typhoon operations exploited similar weaknesses, using compromised routers to pivot into power grids, water‑treatment plants and emergency communications.
These attacks reveal that routers are no longer peripheral gear. They are gateways into the systems that underpin everyday life. Unlike smartphones or PCs, routers are connected continuously, often with default passwords and outdated firmware. Attackers can harness them to build botnets capable of denial‑of‑service attacks, to intercept unencrypted data, or to implant malware that lies dormant until activated. National security officials argue that when an adversary can control millions of household routers, it can shut down communications or spy on entire communities. Security frameworks already recognize the vulnerability of residential networking devices, as outlined in NIST guidance on consumer IoT and router security, which highlights the risks associated with unmanaged home infrastructure.
Key recent router‑related cyber incidents include:
- Volt Typhoon: Chinese state hackers hijacked home routers to infiltrate U.S. critical‑infrastructure networks.
- Flax and Salt Typhoon: Similar campaigns targeted energy, transportation and water sectors using compromised routers.
- Botnet takedowns: U.S. authorities have regularly dismantled large botnets built on exploited home routers, underscoring how widespread the problem has become.
The ban’s supporters contend that, without trusted supply chains, foreign‑made routers may include undisclosed backdoors that give adversaries remote access. Skeptics counter that moving production onshore does not automatically eliminate vulnerabilities. During the Volt Typhoon hack, Chinese state‑sponsored actors primarily targeted Cisco and Netgear routers, products designed by U.S. companies, which had stopped receiving security updates. Hardware provenance is just one part of the security equation; ongoing software support and responsible lifecycle management matter just as much.
Supply chain, geopolitics and manufacturing shift
Most home‑router brands are built overseas. The market leader TP‑Link, though headquartered in California, manufactures its devices in Vietnam. Netgear, Eero and even Google’s Nest Wifi series are assembled in Asia. The Reuters report notes that China supplies about 60 percent of U.S. consumer routers. An FCC order aimed at all foreign‑made routers therefore affects nearly every device currently on store shelves. TP‑Link acknowledged that “virtually all routers are made outside the United States” and warned that the entire industry will be impacted. Market analysts warn that the policy could reshape consumer networking supply chains, with recent reporting on the router import restrictions highlighting potential disruptions for major global manufacturers.
The White House frames this as a supply‑chain resiliency issue. The 2025 national security strategy calls for independence in “core components,” and the router ban follows similar restrictions on drones and other equipment. The idea is to incentivize domestic manufacturing or trusted near‑shoring. To sell future products in the U.S., router makers must either build factories in the country or partner with American contract manufacturers. Those that choose the conditional‑approval route must provide the FCC and Department of Homeland Security with detailed plans for shifting production and securing materials.
Because few American firms currently produce consumer routers at scale, supply could tighten in the short term. Critics worry about higher prices and reduced choice. Proponents argue that the long‑term benefit of resilient supply chains and reduced espionage risk outweighs those costs. When the CHIPS and Science Act was passed in 2022 to revitalize domestic semiconductor fabrication, skeptics questioned whether subsidies would attract enough investment. By 2025, however, major chip foundries had broken ground in Arizona and Ohio. A similar dynamic could play out for routers, with incentives spurring the emergence of domestic networking‑hardware makers. Whether demand and profit margins are sufficient remains an open question.
| Aspect | Details |
|---|---|
| Scope | Applies to new consumer‑grade routers intended for residential use |
| Exemptions | Existing routers and models with prior FCC approval remain legal |
| Cybersecurity risks | Foreign‑made routers implicated in Volt, Flax and Salt Typhoon attacks |
| Manufacturing shift | Companies may obtain conditional approval by outlining plans to produce routers domestically |
| Update window | Products on the Covered List may continue receiving firmware updates until March 1 2027 |
Consumer and industry impact

For consumers, the immediate effect is minimal. You can keep using your existing router or buy any model that has already received FCC radio authorization. Retailers will continue to sell current stock, and the ban does not retroactively outlaw devices in homes and offices. Firmware updates will also continue until at least March 2027. However, the ban casts uncertainty over future upgrade options. If manufacturers do not shift production, new models may simply never arrive. Finding a router fully designed and manufactured in the U.S. will be “a tall order” given that most major brands rely on overseas factories.
The industry faces far larger adjustments. Companies like TP‑Link, Netgear, Eero and Google must decide whether to invest in U.S. manufacturing or abandon the market for new models. Those willing to move production could become pioneers of a new domestic router industry, potentially benefiting from government incentives and a captive market. Those that do not may cede space to newcomers or specialized defense contractors. The order could also accelerate interest in open‑source router firmware and hardware designs that can be audited for backdoors and maintained beyond the typical consumer‑product lifecycle. Nevertheless, shifting a complex electronics supply chain is costly, and the router business operates on tight margins. It remains unclear how many firms will be willing to absorb that expense.
For enterprise and government buyers, the ban highlights broader questions about vendor trust. If consumer routers are deemed risky, what about enterprise networking gear? The FCC’s decision references past cybersecurity incidents involving U.S.‑designed routers that lacked timely patches. A purely geographic fix will not secure networks if companies do not commit to ongoing maintenance. Security experts therefore urge organizations to treat routers as living systems requiring regular updates, strong passwords and network segmentation, regardless of their country of origin. The practical application of cryptographic protections across consumer and enterprise systems is further examined in our breakdown of encryption’s role in securing modern networks.
The path forward: what happens next?
The router ban will likely face legal and diplomatic challenges. Industry groups may argue that the FCC has overstepped its authority or imposed unrealistic manufacturing requirements. Foreign governments could retaliate against U.S. tech firms. At the same time, the U.S. security apparatus appears committed to decoupling supply chains for communications hardware. The ban follows a December 2025 rule that restricted new foreign‑made drones, and lawmakers have hinted that other consumer electronics may soon be scrutinized. Representative John Moolenaar praised the router decision as a way to protect the country against relentless cyberattacks. Policy discussions increasingly focus on national resilience in critical technologies, reflected in research on digital sovereignty and infrastructure security shaping long-term regulatory approaches.
In the longer term, the ban could catalyze innovation. If routers are the new smartphones in terms of strategic importance, they may attract investment and design attention. Domestic manufacturers could integrate advanced security features, such as hardware‑rooted encryption and automated update mechanisms. Software ecosystems could emerge around router‑level threat detection, anonymization and privacy controls. At the same time, consumer expectations will shift. Just as smartphones evolved from simple communication devices into secure computing platforms, routers may evolve into managed, trusted hubs for smart‑home devices and edge computing. Legislators and regulators will need to balance security with openness, ensuring that domestic production does not lead to monopolies or stifle competition.
FAQ
Does the ban apply to my current router?
No. Existing routers and any models previously approved by the FCC remain legal to use and sell. Firmware updates will continue through at least March 2027.
Which routers are affected?
The ban targets new consumer‑grade routers manufactured outside the U.S. and intended for residential use. Enterprise gear and industrial routers are not included, although regulators are reviewing risks across other categories.
Why does the government consider routers a national‑security risk?
Foreign‑made routers have been exploited in major cyberattacks such as Volt, Flax and Salt Typhoon. They can provide attackers with backdoor access to homes and critical infrastructure, enabling espionage, denial‑of‑service attacks and data theft.
Can companies still sell routers made abroad?
Yes, but only models that have already received FCC approval. New models require conditional approval and plans to shift production to the U.S. or another trusted location.
How will this affect router prices and availability?
In the short term, prices may rise as inventory dwindles and manufacturers adjust supply chains. Longer‑term impacts depend on whether companies invest in U.S. production or exit the market. The industry must weigh the cost of domestic manufacturing against the opportunity to serve a secure, captive market.
Is moving production enough to secure routers?
Not necessarily. The Volt Typhoon hack exploited routers designed by U.S. companies but no longer receiving updates. Security also requires robust firmware support, vulnerability disclosure programs and consumer education about safe networking practices.
Routers have graduated from humble networking gadgets to strategic assets. As the FCC’s ban shows, the boxes that deliver Netflix streams and Zoom calls are now treated like smartphone‑like hubs at the heart of national security. Whether the strategy achieves its goals will depend on how industry and government balance manufacturing, security and innovation over the next few years.




Reader perspectives, questions, and reactions.
No comments yet. Start the conversation.
Comments are closed for this article.