House lawmakers push Commerce Department to probe Chinese Wi-Fi router company

Top lawmakers on an influential House committee on U.S.-China issues are urging the Commerce Department to investigate a Chinese company that makes a Wi-Fi router widely in use throughout the United States. 

In a letter sent this week, Reps. John Moolenaar, R-Mich., and Raja Krishnamoorthi, D-Ill., asked Commerce Secretary Gina Raimondo to open an investigation into TP-Link Technologies and its affiliates to determine whether the maker of Wi-Fi routers, devices and mesh network devices presents a national security risk.

Moolenaar and Krishnamoorthi, the chair and ranking member of the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party, respectively, wrote that Commerce can open a probe under the department’s information and communication technology services authorities, noting that open-source information suggests that the company “may represent a serious threat” to IT security.

“TP-Link’s unusual degree of vulnerabilities and required compliance with [People’s Republic of China] law are in and of themselves disconcerting,” the lawmakers wrote. “When combined with the PRC government’s common use of SOHO [small office/home office] routers like TP-Link to perpetrate extensive cyberattacks in the United States, it becomes significantly alarming.”

Citing industry reports and press releases, Moolenaar and Krishnamoorthi wrote that TP-Link — which also manufactures hardware and software components — is the largest global provider of Wi-Fi technology, selling more than 160 million products yearly in more than 170 countries. The company’s SOHO routers are commonplace in the United States, including on military bases.

In calling on Commerce to “properly mitigate this glaring national security issue,” Moolenaar and Krishnamoorthi are following the lead of several current and former U.S. national security  officials who have sounded the alarm on the increasingly urgent threats China poses to multiple critical infrastructure sectors. 

Officials from the FBI, National Security Agency and the Cybersecurity and Infrastructure Security Agency have all warned of Chinese hacking operations embedded in U.S. critical infrastructure networks for years, “pre-positioning” in IT systems to launch attacks and disrupt operations. Volt Typhoon and other Chinese APT groups have drawn most of the ire from U.S. officials, with FBI Director Christopher Wray testifying before the House committee in January that the groups present “the defining threat of our generation.”

The letter to Commerce notes that threat, citing “expert analysis” from 2023 that found such groups to be “consistently” exploiting known vulnerabilities in TP-Link routers as part of malicious campaigns that have targeted European government officials. 

Moolenaar and Krishnamoorthi asked Raimondo to respond to their request by the end of the month, with assessments of the national security risks posed by TP-Link SOHO routes and whether ICTS authorities can effectively address those risks.