In response to the Volt, Flax, and Salt Typhoon Hacks, the FCC has banned foreign-made routers and stirred up concerns about long-term national security.
On March 23, 2026, the Federal Communications Commission (FCC) announced a ban on foreign-made consumer routers. The fact sheet cited the Executive Branch interagency body’s determination, stating the two “unacceptable risks” posed by foreign-made routers when explaining the need for such a ban: “(1) introducing a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense; and (2) establishing a severe cybersecurity risk that could be leveraged to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons.”
Routers have indeed posed a security concern for Americans. In addition to creating opportunities for network disruption and intellectual property theft, routers have been key vectors in the Volt, Flax, and Salt Typhoon cyberattacks. These hacks, each allegedly orchestrated by China-sponsored threat actors, have had remarkable scope and frequently provided the organizers with sustained access to US critical infrastructure networks. The monumental Salt Typhoon hack of late 2024 was called the "worst telecom hack in our nation’s history", and reportedly stole data from nearly every American. The Flax Typhoon hack created a botnet with nearly 1.2 million compromised devices, including routers and webcameras. 385,000 of these devices were based in the US.
Intrusions like these are what earned China the title of “the most active and persistent cyber threat to US government, private-sector, and critical infrastructure networks” in the 2025 Annual Threat Assessment from the Office of the Director of National Intelligence (ODNI), a title that was also retained in the 2026 Annual Threat Assessment. Even outside of the Typhoon clusters of attacks, programs like BRICKSTORM malware have been levied by Chinese-sponsored cyber actors to gain “long-term persistence” on information technology and government sectors in the US and Canada. When these hacks were discovered, cyber agencies were quick to make analyses and recommendations to prevent further harm. Now, the FCC’s ban may reflect the more aggressive ‘America First’ tone in President Trump’s cyber policies.
Trump’s Cyber Strategy, released earlier this month, listed “Secure Critical Infrastructure” as the fourth policy pillar. There, the White House asserted that federal and state governments would collaborate to reduce supply chain risks by using U.S. technologies as opposed to “adversary vendors and products”. In the 2025 National Security Strategy, the White House similarly argued that “the United States must never be dependent on any outside power for core components —from raw materials to parts to finished products—necessary to the nation’s defense or economy. We must re-secure our own independent and reliable access to the goods we need to defend ourselves and preserve our way of life… the Intelligence Community will monitor key supply chains and technological advances around the world to ensure we understand and mitigate vulnerabilities and threats to American security and prosperity.”
The Chairman of the FCC, Brendan Carr, commended the router ban in part because of its connection to the current administration’s stance: “I welcome this Executive Branch national security determination, and I am pleased that the FCC has now added foreign-produced routers, which were found to pose an unacceptable national security risk, to the FCC’s Covered List. Following President Trump’s leadership, the FCC will continue to do our part in making sure that U.S. cyberspace, critical infrastructure, and supply chains are safe and secure.”
Outside of the government, the response to the news has been mixed. An analyst for the China Program at the Foundation for Defense of Democracies, Jack Burnham, agreed with the motivation for the restriction: “I think it’s clear that consumer routers produced by foreign adversaries or foreign countries of concern do pose severe national security risks”. Still, Burnham noted that it’s not clear if a complete ban would be enough to solve the security issue. Bob Rudis, VP of data science at GreyNoise Intelligence (a cybersecurity threat intelligence firm), voiced concern about the lack of US-produced routers: “The vast majority of internet routers are assembled or manufactured outside the US, often in Taiwan or China. Products labeled ‘made in the U.S.’ are most likely only assembled domestically”.
The concern about what constitutes production in a foreign country is a common one, evidenced by the FCC’s FAQs on the new development. In the determination that preceded the FCC’s decision, “production generally includes any major stage of the process through which the device is made, including manufacturing, assembly, design and development.” Currently, none of the biggest producers of routers (Netgear, Amazon’s Eero, Google’s Nest, etc.) are produced entirely in the US. WIRED noted that any definition for what ‘foreign-made’ means was “decidedly murky.” Perhaps to account for this, the FCC says “a router produced in the United States is not considered ‘covered’ [banned] equipment solely because it contains one or more foreign-made components.”
The FCC’s ban will likely have a large influence on the market for home routers, but it likely will not result in a complete or immediate end to the use of foreign-made consumer routers. For one, the new ban isn’t applicable to qualifying routers if they were purchased before the announcement. Cybersecurity experts have pointed out this could lead to weaker security in the long term, as companies may hold on to their older, unsecure routers longer in the face of a ban. The FCC also encourages the producers of these routers to apply for ‘Conditional Approval’ from the Department of War or the Department of Homeland Security so they may be exempted from the ban, pending some evaluation from either of the agencies. Between these two means of retaining foreign-produced routers, it may be a while before the public sees the clear impact of the FCC’s decision.