The U.S. Senate has introduced a new legislative proposal aimed at investigating national security risks associated with routers, modems, and similar networking devices manufactured by adversarial nations.
The bill, titled ROUTERS (Removing Our Unsecure Technologies to Ensure Reliability and Security) Act, mandates a federal risk assessment of networking equipment designed or produced by companies under the influence of China, Russia, Iran, North Korea, Cuba, and Venezuela.
Lawmakers emphasized that millions of American households and small businesses rely on Wi-Fi routers for internet access, yet many of these devices remain vulnerable to cyberattacks orchestrated by foreign state actors. This poses a grave threat to national security.
Under the proposed legislation, findings from the national security assessment must be presented within one year of the bill’s enactment to Senate and House committees overseeing science, transportation, and energy policies.
Federal cybersecurity agencies have long expressed concerns over threats originating from Small Office/Home Office (SOHO) routers. In September 2024, security experts uncovered a new botnet leveraging SOHO and IoT devices to launch cyberattacks.
In December 2023, the FBI conducted a large-scale operation to dismantle compromised systems across the United States that had been ensnared in the KV Botnet. The operation specifically targeted the Volt Typhoon threat group, a China-linked cyberespionage actor specializing in attacks on critical infrastructure.
Alongside the ROUTERS Act, the Senate has introduced another cybersecurity-focused bill—the Insure Cybersecurity Act—which proposes the establishment of a working group on cyber insurance. The task force will include representatives from CISA, NIST, FTC, the Department of the Treasury, and the Department of Justice.
The bill seeks to enhance business awareness of cyber risk insurance. Lawmakers argue that the lack of clear language in insurance policies leaves many companies vulnerable in the aftermath of cyberattacks. The new legislation aims to simplify cybersecurity insurance terminology, making coverage conditions more transparent and accessible. The working group will clarify key aspects of cyber insurance, including compensation for damages caused by ransomware attacks.
Both legislative proposals share a common objective—fortifying the nation’s cyber defenses—but pursue distinct strategies. The ROUTERS Act focuses on eliminating hardware-based security risks, while the Insure Cybersecurity Act aims to mitigate the financial impact of cyber incidents on businesses.
