Netgear becomes first router brand exempt from FCC foreign-made ban

midian182

Posts: 11,746   +178
Staff member
What just happened? Netgear has become the first retail consumer router company to avoid the FCC's ban on new foreign-made consumer routers, giving it a way to keep selling future products in the US even though they are built overseas.

In an April 14 update to the FCC Covered List, the agency said the Department of War had granted conditional approval for Netgear's Nighthawk and Orbi router lines, as well as its CAX cable gateways and CM cable modems, through October 1, 2027. Netgear highlighted the decision in an SEC filing the same day.

As we noted when the ban was announced last month, the FCC's order effectively blocked authorization of almost all future consumer routers made abroad.

The agency said foreign-produced routers create supply-chain vulnerabilities and severe cybersecurity risks, and pointed to their role in the Volt, Flax, and Salt Typhoon campaigns as justification for adding them to the Covered List. Previously approved models already on store shelves, or already in homes, were left untouched.

Netgear's exemption does not mean the router ban is suddenly gone. It just means regulators have decided this specific class of Netgear products does not pose the same national security risk – at least for now.

The FCC's notice also carved out Adtran's service delivery gateway routers, so Netgear is best described as the first retail consumer router brand to get through the new process, not the only company to benefit from it.

What makes the decision odd is the FCC's own guidance for conditional approvals. Applicants are supposed to disclose ownership, supply-chain exposure, firmware origins, single points of failure, and a detailed, time-bound plan to establish or expand manufacturing in the United States. They must also identify planned capital expenditures and provide quarterly onshoring updates.

Strangely, neither the FCC's brief announcement nor Netgear's filing explained what the company submitted to satisfy those requirements.

There's also the question of where Netgear builds its hardware. The company's website still lists Indonesia, Vietnam, and Thailand as manufacturing locations, despite the FCC process calling for a plan to shift at least some production to the US. Netgear also did not publicly explain that point when asked by reporters.

Ultimately, this wasn't a case of Netgear already making routers in America and simply getting rewarded for it. It was an exception granted to a company that still relies on the same global manufacturing footprint the ban was supposed to push out of the market.

Permalink to story:

 
What makes the decision odd is the FCC's own guidance for conditional approvals. Applicants are supposed to disclose ownership, supply-chain exposure, firmware origins, single points of failure, and a detailed, time-bound plan to establish or expand manufacturing in the United States.
What on earth do you find odd about this? Netgear received a conditional exemption as they've shifted production out of China. China was the source of the Volt, the Flax, and the Salt Typhoon router-based cyberattacks.
 
What on earth do you find odd about this? Netgear received a conditional exemption as they've shifted production out of China. China was the source of the Volt, the Flax, and the Salt Typhoon router-based cyberattacks.
The covered list isn't specific to China, so the conclusion of this article still stands IMO.
 
You’re not from the US are you. They did it because they have a good lobby and paid off the right folks within said regulatory body.
 
The covered list isn't specific to China, so the conclusion of this article still stands IMO.
Oops! The covered list includes **all** foreign-made routers, for the simple reason that a router that claims to be produced elsewhere may actually not be ... or it could assembled there, but still have firmware produced in China.

You’re not from the US are you. They did it because they have a good lobby and paid off the right folks within said regulatory body.
Tinfoil-hat theories aside, the US has essentially *no* domestically produced routers. This action was done to protect the US from router-based cyberattacks, not to benefit a specific manufacturer.
 
This action was done to protect the US from router-based cyberattacks, not to benefit a specific manufacturer.
Sadly it will have the opposite effect, since all of those routers can't receive security updates after March 1 of next year.

Oops! The covered list includes **all** foreign-made routers, for the simple reason that a router that claims to be produced elsewhere may actually not be ... or it could assembled there, but still have firmware produced in China.
Sure, that's in part why it's puzzling why Netgear got the exemption. But China is not the full story here, there's supposed to be a commitment to bring some manufacturing back to the states. Per this article, there has been no public announcement of such a commitment, and given this administration's love for such announcements, it's curious why there is not one - except that there simply is no such commitment.

My guess is that it submitted money.
Same. Or their policy, like others, is not intended to be taken literally, rather it is intended to be just a lever they can use on companies to exact some changes. What changes were done here, who knows.
 
Netgear is trash hardware. They clearly paid to play. Just like fatty wants. It's always a grift.
Translated from LiberalSpeak into plain English, the above statement reads, "no, I don't believe anything so foolish. I'm merely virtue-signaling my adherence to Leftist orthodoxy.

Sadly it will have the opposite effect, since all of those routers can't receive security updates after March 1 of next year.
Eh? They don't *need* security updates to remove Chinese malware if they never contained it in the first place.

China is not the full story here, there's supposed to be a commitment to bring some manufacturing back to the states. Per this article, there has been no public announcement of such a commitment, and given this administration's love for such announcements, it's curious why there is not one
You're confused. This ban was enacted by the FCC not the Department of Commerce. The FCC's aegis is Internet security, not promoting US manufacturing.
 
Eh? They don't *need* security updates to remove Chinese malware if they never contained it in the first place.
The ban prohibits software patches after March 1, 2027, to existing foreign made consumer routers. Vulnerabilities in software are found all the time, so not being patchable opens the door for hackers.

You're confused. This ban was enacted by the FCC not the Department of Commerce. The FCC's aegis is Internet security, not promoting US manufacturing.
What the stated goal of the FCC is and how the Administration is wielding it aren't necessarily one and the same. (That's true in general, across administrations and agencies)
 
The ban prohibits software patches after March 1, 2027, to existing foreign made consumer routers. Vulnerabilities in software are found all the time, so not being patchable opens the door for hackers.
Did you miss the part where this is a temporary ban, not a long-term solution?

What the stated goal of the FCC is and how the Administration is wielding it aren't necessarily one and the same.
Do you have any hard evidence of this, or just spitballing wild theories again? Given the fact we've just had the third major cyberattack due to Chinese-made routers, how long do you feel we should ignore the problem? Just sit and wait until the CCP shuts down the entire US Internet, compromises our banking system, and overides the safety controls on our nuclear reactors?
 
Did you miss the part where this is a temporary ban, not a long-term solution?


Do you have any hard evidence of this, or just spitballing wild theories again? Given the fact we've just had the third major cyberattack due to Chinese-made routers, how long do you feel we should ignore the problem? Just sit and wait until the CCP shuts down the entire US Internet, compromises our banking system, and overides the safety controls on our nuclear reactors?
It might be temporary, it might not be, we will see. I genuinely hope they remove their software update prohibition, or are defeated in court as this is probably an overreach that did not go through due process.

I'm not arguing that we don't need to take measures against cybersecurity threats, but given that this administration has defunded CISA, and given the other agendas the administration has, it's not a stretch, in fact it would be silly not to assume, that there are other motives at play than security. The prohibition on software updates after March 1, 2027 shows that experts in security were not consulted in this decision, or they were ignored, as nobody believes that the entire U.S. population is going to replace their router or switch their firmware to, say, a FOSS alternative, by this time next year.

Either the FCC's ban was incompetently formulated, or they have other motives. If you want to call that a wild theory, go right ahead. I'm standing by it.
 
Back