Two U.S. lawmakers have called on the Biden administration to investigate TP-Link Technology Co. Ltd., a major Chinese manufacturer of WiFi routers. Representatives John Moolenaar and Raja Krishnamoorthi, leaders of the House Select Committee on China, have expressed serious apprehensions about potential national security risks associated with TP-Link cybersecurity and Chinese cyberattacks.
In a letter addressed to Commerce Secretary Gina Raimondo, the lawmakers urged an investigation into TP-Link’s operations under the Department of Commerce’s authority. Their concerns revolve around fears that TP-Link’s routers and related devices might be exploited in Chinese cyberattacks against the United States.
Authorities Concerns Over Chinese Cyberattacks
Showing concerns over these potential Chinese cyberattacks, the authorities shared the letter with Secretary Raimondo, stating, “We write to respectfully request that you investigate TP-Link Technologies Co., Ltd. (TP-Link) and its affiliates under the Department of Commerce’s information and communication technology services (ICTS) authorities, pursuant to Executive Order 13873”.
TP-Link, a technology firm based in the People’s Republic of China (PRC), produces a wide range of Wi-Fi routers, devices, and mesh network systems, along with associated hardware and software. The company’s products hold a significant share of the U.S. market for Wi-Fi routers and related devices. There are growing concerns, supported by open-source information, that TP-Link might pose a serious threat to U.S. ICTS security.
The lawmakers further stated, “We therefore request that Commerce investigate TP-Link under its ICTS authorities to determine whether the company poses a national security risk. If it finds that is the case, we request that Commerce use its ICTS authorities to properly mitigate the risk.”
The request for this probe highlights a growing sense of urgency among U.S. lawmakers regarding the potential misuse of technology by foreign entities, particularly potential Chinese cyberattacks.
TP-Link’s Market Presence and Vulnerabilities
TP-Link, founded in Shenzhen, China, in 1996, is a leading global provider of WiFi products. The company’s extensive product range includes home and office routers, mesh network systems, and other related devices. As of 2022, TP-Link’s products are sold in over 170 countries, making it a prominent player in the global market.
However, the U.S. lawmakers’ concerns are not without merit. Recent reports have highlighted several security vulnerabilities in TP-Link routers. For instance, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) pointed out a vulnerability in TP-Link routers that could allow remote code execution. Additionally, a former Federal Communications Commission (FCC) commissioner noted that TP-Link products have been cited for security issues more frequently than some other brands.
The broader context of these concerns involves China’s increasing assertiveness in cyberspace. FBI Director Christopher Wray has warned that PRC-sponsored hacking has intensified, describing it as a significant threat to U.S. national security. The FBI has specifically highlighted Advanced Persistent Threat (APT) groups like Volt Typhoon as major concerns, noting their sophisticated techniques and targeting of critical infrastructure with Chinese cyberattacks.
Responses and Future Actions
In response to the lawmakers’ letter, the Commerce Department has stated that it will address the inquiry through appropriate channels. The Chinese Embassy, on the other hand, has expressed hopes that U.S. authorities will base their assessments on solid evidence rather than unsubstantiated allegations. TP-Link has also responded by denying any cybersecurity vulnerabilities in its products and claiming that it does not sell routers in the U.S.
The situation highlights the delicate balance between national security concerns and international trade relations. As the U.S. grapples with the implications of Chinese cyberattacks, there is a growing recognition of the need for stringent measures to safeguard critical infrastructure from potential threats posed by foreign technologies.
The call for an investigation into TP-Link reflects broader anxieties about the security of Chinese technology products and their potential use in cyberattacks against the U.S. The outcome of this investigation could have far-reaching implications for U.S. national security and its approach to managing technology from foreign threat actors.