{"id":213177,"date":"2026-05-13T07:45:00","date_gmt":"2026-05-13T11:45:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/13\/fcc-extends-router-ban-deadline-but-warns-of-a-bigger-cybersecurity-threat\/"},"modified":"2026-05-13T09:35:10","modified_gmt":"2026-05-13T13:35:10","slug":"fcc-extends-router-ban-deadline-but-warns-of-a-bigger-cybersecurity-threat","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/13\/fcc-extends-router-ban-deadline-but-warns-of-a-bigger-cybersecurity-threat\/","title":{"rendered":"FCC Extends Router Ban Deadline\u2014But Warns of a Bigger Cybersecurity Threat"},"content":{"rendered":"

FCC Extends Router Ban Deadline\u2014But Warns of a Bigger Cybersecurity Threat<\/a><\/p>\n

https:\/\/news.clearancejobs.com\/2026\/05\/13\/fcc-extends-router-ban-deadline-but-warns-of-a-bigger-cybersecurity-threat\/<\/a><\/p>\n

Publish Date: 2026-05-13 07:45:00<\/a><\/p>\n

Source Domain: news.clearancejobs.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n

\t\tIn March, the Federal Communications Commission (FCC) updated its Covered List, adding \u201cconsumer-grade routers produced in foreign countries.\u201dAs approximately 60% of the market is produced in China, the FCC issued a waiver for software and firmware updates to be made by March 1, 2027.
\nLast week, the FCC\u2019s Office of Engineering and Technology (OET) announced that waivers issued in January and March Public Notices of certain prohibitions in 47 CFR \u00a7\u00a7 2.932(b) and 2.1043(b) would be extended at least until January 1, 2029. The move was made to soften the ban on new, non-compliant foreign-made router imports, and reverses the earlier restrictions that would have blocked updates after 2027 for devices placed on the FCC\u2019s \u201cCovered List\u201d over national security concerns.
\nThe FCC said that preventing software updates could unintentionally create cybersecurity risks by leaving millions of existing devices vulnerable to unpatched flaws, compatibility issues, and operational failures. However, the waiver applies only to products previously authorized before the restrictions took effect and does not remove the affected devices from the Covered List or permit new foreign-made router models to enter the U.S. market.
\nSecurity experts have warned that abruptly ending firmware support for already-deployed devices would create additional attack opportunities by leaving consumers and businesses with unsupported networking equipment.
\n\u201cI strongly support the FCC\u2019s decision to allow firmware and software updates for already-authorized routers, including covered devices already deployed in the United States. This is the right cybersecurity outcome,\u201d said Matt Wyckhouse, founder & CEO of cybersecurity provider Finite State
\nWyckhouse wrote in an email to ClearanceJobs that the biggest practical security risk with routers is not only who made them, but whether they remain patched.
\n\u201cRouters sit at the edge of homes, businesses, and critical networks,\u201d Wyckhouse continued. \u201cWhen they stop receiving updates, known vulnerabilities remain exposed, attackers gain durable footholds, and consumers are left with equipment they cannot realistically secure on their own.\u201d
\nEnsuring No Zombie Devices
\nThe waiver update will also ensure that the devices remain reasonably secure in the short term and beyond. But only if patched accordingly.
\n\u201cManufacturers have zero incentive to write security patches for devices they can\u2019t keep selling,\u201d Josh Marpet, senior product security consultant at Finite State, also told ClearanceJobs. \u201cKeeping the market alive, as this adjustment is doing, is the only way to keep U.S. citizens safe for longer. Simple as that.\u201d
\nThis will also give consumers and enterprises time to address the issue, during which they should use it to formulate a strategy for their replacement.
\nJohn Carberry, solution sleuth at cybersecurity provider Xcape, Inc., told ClearanceJobs this is important as it will ensure the devices remain patched.
\n\u201cThe FCC\u2019s pivot from a hard 2027 cutoff to a January 2029 extension is a concession to the \u2018zombie device\u2019 reality: an unpatchable router is more dangerous to national security than a banned one that can still receive security updates,\u201d Carberry explained. \u201cBy allowing Class I and Class II permissive changes for an additional two years, the FCC is preventing a scenario where millions of already-deployed edge devices become permanent, unfixable entry points for state-sponsored actors like Volt Typhoon.\u201d
\nCarberry also noted that this is a \u201creprieve, not a policy reversal.\u201d It is important to note that the extension only applies to hardware authorized before the 2025\/2026 restrictions took effect. It will also mean that January 1, 2028, is a definitive \u201cend-of-life\u201d for legacy, foreign-made routers. That should provide time for a more phased procurement policy with trusted vendors. That doesn\u2019t mean putting off something to the last minute or hoping for a further extension.
\nIt also isn\u2019t a time to let the guard down, either. The waiver applies to \u201ccovered\u201d consumer-grade small office\/home office (SOHO) routers that are already authorized or are in the market. The network may be secure, but caution should be exercised, especially when sending sensitive information.
\n\u201cWhile waiting for replacement cycles, treat these devices as untrusted. Ensure they are isolated in restricted network segments and that administrative interfaces are never exposed to the public Internet,\u201d suggested Carberry. \u201cManaging security debt is a marathon, but the FCC just gave you two more years of oxygen; don\u2019t waste them waiting for a 2031 extension that probably isn\u2019t coming.\u201d
\nNo Easy Solution
\nThe FCC\u2019s decision to extend the update waivers wasn\u2019t easy, but it shows the complicated nature of how some security decisions are made. The FCC likely understood that many users would ignore the warnings and continue to use the devices. Allowing for updates and patches will give users more time to replace legacy hardware.
\n\u201cBlocking firmware and software updates for devices already deployed across homes and businesses could have created a much bigger problem by leaving millions of systems exposed to unpatched vulnerabilities,\u201d warned Phil Wylie, senior consultant and evangelist at Suzu Labs.
\n\u201cThreat actors actively target outdated and unsupported infrastructure because it is easier to exploit and often overlooked by defenders,\u201d Wylie told ClearanceJobs. \u201cWhile concerns around foreign-made technology and supply chain risk remain valid, this situation highlights the importance of balancing long-term security policy with operational reality. Unsupported technology does not become safer once updates stop. In many cases, it becomes a more attractive target.\u201d
\nFinally, this waiver does not weaken the broader national security objective, which is to remove foreign-made technology from end use. It will result in a gradual removal of Chinese and other routers.
\n\u201cIt does not remove covered devices from the Covered List, and it does not permit new foreign-made router models to enter the U.S. market. It simply preserves the ability to fix software and firmware in products that are already deployed,\u201d added Wyckhouse. \u201cThat distinction matters. Restrict risky new equipment from entering the market, but do not strand existing devices without patches.\u201d
\n\u00a0
\n\u00a0<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

FCC Extends Router Ban Deadline\u2014But Warns of a Bigger Cybersecurity Threat https:\/\/news.clearancejobs.com\/2026\/05\/13\/fcc-extends-router-ban-deadline-but-warns-of-a-bigger-cybersecurity-threat\/ Publish Date: 2026-05-13…<\/p>\n","protected":false},"author":1,"featured_media":213179,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/news.clearancejobs.com\/wp-content\/uploads\/2021\/11\/1150x732-2021-11-01T080441.185.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31],"class_list":["post-213177","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213177"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=213177"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213177\/revisions"}],"predecessor-version":[{"id":213181,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213177\/revisions\/213181"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/213179"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=213177"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=213177"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=213177"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}