On March 23, 2026, the Federal Communications Commission announced that the box sitting next to your modem — the router that connects your home to the internet — is now a national security threat. Not the hackers who exploit it. Not the software vulnerabilities inside it. The box itself, if manufactured outside the United States, is now on the same government list as Huawei telecommunications equipment and Chinese military drones.
The announcement was quiet by Washington standards. A press release, a few news cycles, and then the story moved on. But the implications did not. The FCC’s decision to add all foreign-made consumer routers to its Covered List — the catalog of communications equipment deemed to pose unacceptable risks to US national security — is one of the most significant technology policy decisions in years. And it is being discussed almost entirely in terms of what it means for router prices, rather than what it means for the future of the internet.
What Actually Happened
The FCC’s action on March 23 followed a determination by a White House-convened interagency national security body that foreign-produced routers introduce, in the agency’s words, “a supply chain vulnerability that could disrupt the US economy, critical infrastructure, and national defense” and “a severe cybersecurity risk that could be leveraged to immediately and severely disrupt US critical systems.”
The ban applies to new models only. Consumers who already own foreign-made routers — which is nearly every American household with a home network — can continue using their existing equipment. Retailers can continue selling models that have already received FCC authorization. But no new foreign-produced router models can be imported or sold, unless manufacturers obtain conditional approval from the Department of Defense or the Department of Homeland Security.
The practical scope of the ban is broader than it initially appears. The FCC defines “produced” expansively — covering not just where a router is physically assembled, but where it is designed and developed. An American-branded router manufactured in Vietnam with components designed in Taiwan could qualify as foreign-produced. Virtually every major consumer router brand currently available in the United States — Netgear, Asus, TP-Link, Google Nest, Linksys, D-Link, Eero — manufactures its products overseas.
The Attacks That Triggered It
The FCC’s announcement was not made in a vacuum. It specifically cited three Chinese state-sponsored cyberattack campaigns — Volt Typhoon, Flax Typhoon, and Salt Typhoon — as evidence that foreign-made routers have already been exploited to compromise American infrastructure.
These were not routine hacking incidents. Volt Typhoon, identified by the FBI and CISA in 2023 and documented extensively through 2024, involved Chinese state actors pre-positioning themselves inside US critical infrastructure networks — power grids, water systems, transportation networks — in ways designed not for immediate exploitation but for future disruption. The operation used compromised home and small-office routers as relay points, creating a distributed network of access points embedded in ordinary American households.
Salt Typhoon, revealed in late 2024, was arguably more alarming. Chinese hackers had penetrated the networks of major American telecommunications companies — including AT&T and Verizon — and maintained access for months, potentially intercepting communications including calls and texts involving US government officials. The entry points included router vulnerabilities in the networks of companies and individuals connected to those telecommunications providers.
The pattern these operations reveal is specific: consumer routers, running outdated firmware, with default passwords unchanged, located in homes and small businesses connected to larger networks, are not just inconvenient security risks. They are strategic access points for state-level intelligence operations. The Chinese government did not need to hack the Pentagon directly. It could access American networks through the boxes sitting on American kitchen counters.
The TP-Link Problem
The company most directly implicated in the router security debate is TP-Link Systems — a company founded in China in 1996 that restructured its corporate headquarters to Irvine, California, in an apparent attempt to distance itself from Chinese government associations.
TP-Link controls an estimated 60 percent of the US consumer router market. Its devices are cheap, widely available, and ubiquitous in American homes, small businesses, and remarkably, in US government networks. Congressional investigations found TP-Link routers in use at multiple federal agencies, despite the company’s documented ties to Chinese state-affiliated organizations and despite US cybersecurity agencies repeatedly flagging vulnerabilities in its products.
The Trump administration had been investigating TP-Link since at least 2024, and the Texas Attorney General filed suit against the company in early 2026, alleging that it had been marketing its devices deceptively while allowing Beijing access to American consumers’ devices. TP-Link has stated it will fight the FCC ban in court.
The TP-Link case illustrates the specific challenge that the router security problem poses. The company is not clearly a Chinese company — its headquarters, its legal structure, and much of its operations are now based in the United States. Its routers may not contain deliberate backdoors installed by Chinese intelligence. But they were designed in China, manufactured in China, and their firmware has been updated through processes that US security agencies cannot fully audit. In an era when the line between Chinese commercial companies and Chinese state intelligence is deliberately blurred, the distinction between “a Chinese company” and “a company with Chinese origins” has limited practical value for security purposes.
The Supply Chain Reality
The FCC’s ban creates an immediate practical problem that the announcement did not resolve: there are essentially no major consumer routers manufactured in the United States.
The consumer electronics supply chain, including routers, relocated to Asia over several decades in pursuit of manufacturing cost reductions. The expertise, component suppliers, manufacturing facilities, and labor force required to produce routers at consumer price points are concentrated in China, Taiwan, Vietnam, and Malaysia. Building a domestic US router manufacturing industry is not a short-term project. It requires capital investment, workforce development, component supply chain construction, and years of lead time — assuming it is economically viable at all against Asian manufacturing costs.
In the near term, the ban means that the models currently on store shelves will continue to be available until existing inventory is exhausted. After that, consumers will face a choice between higher-priced routers from companies that have obtained conditional DoD or DHS approval, models from the dwindling supply of previously authorized foreign-made equipment, or whatever domestic manufacturing capacity can be assembled — likely slowly, likely expensively.
The analogy to the Huawei ban is instructive. When the Trump administration’s first term banned Huawei from US telecommunications networks in 2019 and 2020, the immediate disruption was limited — American carriers had already been moving away from Huawei equipment under pressure. The longer-term consequence was a period of elevated equipment costs and supply constraints that carriers and their customers absorbed through higher prices. The router ban is likely to follow a similar trajectory.
Why Your Home Network Is Part of National Security Infrastructure
The router ban reflects a recognition that has been building in US national security circles for several years: the boundary between civilian consumer technology and national security infrastructure has effectively dissolved.
A home router is not just a household convenience. It is a node in a network that includes every device connected to it — computers, smartphones, smart speakers, security cameras, thermostats, medical devices — and that connects, through an internet service provider, to telecommunications infrastructure that carries financial transactions, emergency communications, government data, and critical systems.
When Chinese state actors compromised thousands of American home routers to create relay networks for intelligence operations, they were not exploiting some exotic vulnerability. They were exploiting the fact that most home routers run outdated software, have never had their default passwords changed, and are connected to networks that their owners assume are private but that are, from a security architecture perspective, largely open.
The scale of this exposure is difficult to overstate. There are approximately 175 million home internet connections in the United States. The vast majority use routers that were manufactured overseas, run firmware that has not been updated recently, and were set up by consumers with no security training. From a nation-state attacker’s perspective, this is not a vulnerability. It is an infrastructure asset — a distributed network of potential access points embedded in American homes, connected to American networks, maintained by people who have no reason to expect they are targets.
The Broader Implications
The router ban is one component of a broader technology security strategy that the Trump administration is pursuing across multiple domains simultaneously. Chinese drones were added to the FCC Covered List in December 2025. Semiconductor export controls restricting Chinese access to advanced chips have been tightened repeatedly since 2022. The review of Chinese-linked companies operating in US markets has expanded from telecommunications equipment to social media platforms, cloud services, and now consumer networking hardware.
The strategic logic is consistent: every layer of technology infrastructure that connects to American networks, carries American data, or processes American communications is a potential vector for Chinese state intelligence operations. The response is an attempt to wall off the most critical layers — starting with telecommunications, moving through semiconductors and software, now reaching consumer hardware.
Whether this strategy is coherent, achievable, or counterproductive in ways that outweigh its security benefits is a genuine policy debate. The supply chains involved are global and deeply integrated. The cost of disentangling them will be borne by American consumers and businesses. The security benefits are real but difficult to quantify.
What is not in question is that the decision has been made. The box on your kitchen counter is now a national security matter. The implications of that decision — for supply chains, for prices, for the structure of the consumer technology market, and for the broader relationship between the United States and China — are only beginning to become clear.
If this analysis interests you, read next: The AI Arms Race Nobody Voted For