{"id":200426,"date":"2026-03-30T00:31:00","date_gmt":"2026-03-30T04:31:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/30\/us-router-ban-is-industrial-policy-not-better-infosec-the-register\/"},"modified":"2026-03-30T00:45:10","modified_gmt":"2026-03-30T04:45:10","slug":"us-router-ban-is-industrial-policy-not-better-infosec-the-register","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/30\/us-router-ban-is-industrial-policy-not-better-infosec-the-register\/","title":{"rendered":"US router ban is \u2018industrial policy&#8217; not better infosec \u2022 The Register"},"content":{"rendered":"<p><a href=\"https:\/\/www.theregister.com\/2026\/03\/30\/professor_criticizes_fcc_router_ban\/\">US router ban is \u2018industrial policy&#8217; not better infosec \u2022 The Register<\/a><\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/03\/30\/professor_criticizes_fcc_router_ban\/\">https:\/\/www.theregister.com\/2026\/03\/30\/professor_criticizes_fcc_router_ban\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-30 00:31:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.theregister.com\">www.theregister.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points.<br \/>\nThe United States\u2019 ban on foreign-made SOHO routers won\u2019t improve security, and only makes sense as \u201cindustrial policy disguised as cybersecurity,\u201d according to Milton Mueller, Professor at the University of Georgia\u2019s School of Public Policy and founder of its Internet Governance Project.<br \/>\nMueller notes that the Federal Communications Commission (FCC) justified its ban with two arguments, one of which refers to CISA and FBI analysis that found attackers targeted SOHO routers to build a botnet that hid the Volt Typhoon and Salt Typhoon intrusions. The other argument relied on a Department of Commerce study that Mueller summarized as finding \u201cthe concentration of 85 percent of the consumer router supply chain in China creates a \u2018systemic vulnerability\u2019 where a single firmware update could be weaponized to disable U.S. home internet access.\u201d<br \/>\nThe academic thinks neither argument holds water.<\/p>\n<p>\u201cThe digital economy is global,\u201d he pointed out in a Saturday post. \u201cA router \u2018Made in the USA\u2019 likely runs a Linux kernel maintained by global contributors, uses Wi-Fi drivers written in Taiwan, and incorporates open-source libraries managed by developers worldwide.\u201d<\/p>\n<p>\u201cBy focusing on the geographic location of the assembly line, the FCC ignores the logical supply chain of the software. A U.S.-assembled router with a poorly written UPnP (Universal Plug and Play) implementation is just as vulnerable to a hijacking as a foreign one.\u201d<br \/>\nHe also points out that the FCC worries about backdoors in routers, when research into the Typhoon gangs found they exploited unpatched bugs, unchanged default device credentials, and bad design that leaves some network ports exposed to the public internet.<\/p>\n<p>\u201cPerhaps the most obvious lack of logic in the FCC\u2019s policy is its exclusive focus on new equipment authorizations while leaving legacy devices in place,\u201d Mueller wrote. He offered that idea because the Typhoon gangs targeted end-of-life routers and machines that use insecure legacy protocols.<br \/>\n\u201cBy banning the sale of the newest, most secure Wi-Fi 7 and Wi-Fi 8 routers from dominant foreign manufacturers, the FCC forces the American public to pay substantially more for upgraded, more secure equipment or, what is more likely, to keep their older, more vulnerable devices for longer,\u201d he argued.<br \/>\n\u201cIf a consumer cannot easily or affordably replace their 2019-era router because the 2026 models are banned, the total attack surface of the United States actually increases. \u201cThe ban targets the very devices most likely to have modern, auto-updating security features, while providing a \u2018free pass\u2019 to the millions of insecure, aging devices that state-sponsored actors are currently exploiting.\u201d<\/p>\n<p>Mueller concludes that by using only the criteria of \u201cforeignness,\u201d the ban \u201cactually worsens the security situation.\u201d<br \/>\n\u201cIncentives to upgrade to modern, more secure hardware are reduced, and users are encouraged to keep using unpatched legacy equipment\u2014the exact hardware that state-sponsored actors have successfully weaponized for years.\u201d<\/p>\n<p>He then ponders if the policy makes any sense.<br \/>\n\u201cIt does if you see the FCC\u2019s ban as an exercise in industrial policy disguised as cybersecurity,\u201d Mueller argues, then points out that US company Netgear has funded lobbying efforts on issues including the Removing Our Unsecure Technologies to Ensure Reliability and Security Act &#8211; aka The \u201cROUTERS Act.\u201d<br \/>\n\u201cWhile the risks of state-sponsored infrastructure attacks are real, the remedy chosen \u2013 a geographic ban on new hardware \u2013 prioritizes geopolitical decoupling over the immediate technical hardening of the American digital home,\u201d Mueller concludes. \u201cOnce again \u2013 as with the semiconductor export controls and the TikTok ban \u2013 we see the bootleggers seeking protection from competition hiding behind the religious banner of national security.\u201d \u00ae                                <\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>US router ban is \u2018industrial policy&#8217; not better infosec \u2022 The Register https:\/\/www.theregister.com\/2026\/03\/30\/professor_criticizes_fcc_router_ban\/ Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":200427,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/regmedia.co.uk\/2026\/03\/30\/shutterstock_brainwashing_warning.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-200426","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/200426"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=200426"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/200426\/revisions"}],"predecessor-version":[{"id":200428,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/200426\/revisions\/200428"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/200427"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=200426"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=200426"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=200426"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}