The FCC has stopped people from bringing in new consumer-grade routers made by companies outside the US This article explores routers americans use. . The agency said it made the decision after an interagency group that met at the White House said these routers "pose unacceptable risks to the national security of the United States."
The majority of small office/home office (SOHO) routers that Americans use, as well as many commercial-grade devices, are made by companies that are not based in the U.S. The ban could mean that businesses that use the affected type of routers have to keep old equipment in place for a long time after it should be replaced, which could make security weaker.
Jim Needham, senior managing director at FTI Consulting, says that the concern is mostly about what might happen in the future because the ruling doesn't require replacing existing equipment right now. He says, "The policy doesn't force immediate replacement, but it does make it more important to get the replacement right when the time comes." Most of the time, the risks are operational and have to do with things like default credentials, missed patches, and management interfaces that are open to the public.
The European Union's Cyber Resilience Act is how they are dealing with the problem. It says that manufacturers who sell connected devices in Europe must meet certain cybersecurity standards. The FCC's ban is still a forward-looking measure for now, and it doesn't have much of an effect right away.
When older equipment wears out and companies have to deal with a limited replacement market, that's when the real test will begin. Pieter Arntz, a researcher at Malwarebytes, says, "Right now, there is no immediate effect, but we are worried that it will make networks less secure in the long run." "It depends on how flexible the FCC will be with the exceptions," he says.
The big question now is whether the lack of domestic options will lead to more investment in US manufacturing or just make the US more vulnerable.
