Two U.S. lawmakers have raised concerns about the cybersecurity risks posed by TP-Link Technology Co. Ltd., a prominent Chinese manufacturer of WiFi routers. Representatives John Moolenaar and Raja Krishnamoorthi, who lead the House Select Committee on China, have called on the Biden administration to investigate TP-Link amid fears of potential national security threats linked to Chinese cyberattacks.
The lawmakers have penned a letter to Commerce Secretary Gina Raimondo, urging the Department of Commerce to look into TP-Link’s operations using its information and communication technology services (ICTS) authority as outlined in Executive Order 13873. Their primary worry is that TP-Link’s routers and associated devices could be exploited in cyberattacks against the United States.
Expressing their apprehensions over potential Chinese cyber threats, the lawmakers emphasized the need for a thorough investigation into TP-Link to assess any national security risks it may pose. They underscored the importance of using the ICTS authority to mitigate any identified risks effectively.
TP-Link, headquartered in Shenzhen, China, has established itself as a leading global provider of WiFi products, including routers and mesh network systems. Despite its extensive market presence in over 170 countries, concerns have been raised about the security vulnerabilities in TP-Link routers. Reports have highlighted specific vulnerabilities that could potentially allow for remote code execution, as noted by the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
The broader context of these concerns is the escalating cyber threats originating from China, with FBI Director Christopher Wray emphasizing the continuous threat posed by Chinese government-sponsored hacking. Advanced Persistent Threat (APT) groups like Volt Typhoon have been singled out for their sophisticated techniques and targeting of critical infrastructure in Chinese cyberattacks.
In response to the lawmakers’ letter, the Commerce Department has pledged to investigate the matter through appropriate channels, while the Chinese Embassy has urged U.S. authorities to base their assessments on concrete evidence rather than mere allegations. TP-Link, on its part, has refuted any cybersecurity vulnerabilities in its products and claimed not to sell routers in the U.S.
The ongoing situation underscores the delicate balance between national security imperatives and international trade relations. As the U.S. confronts the challenges posed by Chinese cyber threats, there is a growing recognition of the necessity for stringent measures to safeguard critical infrastructure from potential risks associated with foreign technologies.
The call for an investigation into TP-Link reflects broader anxieties surrounding the security implications of Chinese technology products and their potential exploitation in cyberattacks against the U.S. The outcome of this investigation could have significant implications for U.S. national security and its strategies for dealing with technology from foreign threat actors.