Ranking members of the House of Representatives’ powerful China committee are urging the Commerce Department to investigate Chinese companies that make Wi-Fi routers that are widely used across the United States.
In a letter sent this week, Rep. John Moolenaar (R-Mich.) and Rep. Raja Krishnamoorthi (D-Ill.) urged Commerce Secretary Gina Raimondo to open an investigation into TP-Link Technologies and its affiliates to determine whether the maker of Wi-Fi routers, devices and mesh networking devices poses a national security risk.
Mouleenaar, chairman of the House Select Committee on U.S.-China Strategic Competition, and Krishnamoorthi, the ranking member, wrote that open-source information suggests the company “may pose a significant threat” to IT security and that the Commerce Department could launch an investigation under its information and communications technology services authorities.
“TP-Link’s unusual vulnerability and [People’s Republic of China] “The law itself is disturbing,” the lawmakers wrote. “Coupled with the Chinese government’s frequent use of SOHOs… [small office/home office] “If routers like TP-Link’s could be used to launch a major cyberattack in the United States, that’s extremely worrying.”
Citing industry reports and press releases, Moolenaar and Krishnamoorthi wrote that TP-Link, which also manufactures hardware and software components, is the world’s largest Wi-Fi technology provider, selling more than 160 million products annually in more than 170 countries. The company’s SOHO routers are widely used in the United States, including on military bases.
In calling on the Commerce Department to “appropriately mitigate this clear national security concern,” Moolenaar and Krishnamoorthi join several current and former U.S. national security officials who have warned of increasingly imminent Chinese threats to several critical infrastructure sectors.
Officials from the FBI, the National Security Agency and the Cybersecurity and Infrastructure Security Agency have warned about Chinese hacking operations embedded in U.S. critical infrastructure networks for years, which are “pre-positioned” in IT systems to launch attacks and disrupt operations. Bolt Typhoon and other Chinese APT groups have drawn the most ire from U.S. authorities, with FBI Director Christopher Wray testifying before a House committee in January that the groups are “the defining threat of our generation.”
The letter to the Commerce Department addressed that threat, citing a 2023 “expert analysis” that found such groups were “consistently” exploiting known vulnerabilities in TP-Link routers as part of malicious campaigns targeting European government officials.
Moolenaar and Krishnamoorthi asked Raimondo to respond by the end of this month with an assessment of the national security risks posed by TP-Link’s SOHO route and whether ICTS authorities can effectively address those risks.
