This piece originally appeared in the National Interest.
For anyone following the Chinese Communist Party’s (CCP) actions related to digital technology, the specter that Chinese companies could be leveraged to conduct intelligence activities has been ever-present. National security officials and researchers have highlighted how Chinese laws require domestic firms to assist the CCP in national security or counter-espionage operations, with no limit on what that cooperation can entail. These laws empower the CCP to turn any domestic firm’s product into a Trojan horse for its malign operations.
The threat of domestic Chinese technology companies bolstering the CCP’s military and intelligence capabilities has prompted congressional responses on several occasions. The first instance involved Huawei and ZTE, Chinese telecommunications firms with ties to the CCP’s military apparatus, leading to laws preventing the purchase or use of their equipment within U.S. telecommunications networks. Vulnerabilities and potential backdoors into technology used by government agencies, including the Department of Defense, were uncovered in drones manufactured by DJI, a Chinese company, leading to DJI’s addition to the Bureau of Industry and Security Entity List. Similar concerns about cybersecurity vulnerabilities have been raised around ZPMC, a Chinese state-owned crane manufacturer, prompting an investigation into the firm. Most recently, the House of Representatives passed H.R. 7521 to mitigate potential security threats posed by TikTok, the popular social media platform owned by Chinese firm ByteDance. Now, another link in the chain that sustains internet connectivity is drawing attention: routers.
Recent reporting and government disclosures have highlighted how CCP digital espionage operations are targeting vulnerabilities in routers in Europe and the United States. Routers are devices that serve as hubs for directing data traffic within and between networks. When you connect to a wireless network at home, work, or school, that connection is facilitated and managed by a router. Security flaws in routers can allow hackers to install malware within networks that can go undetected for years, allowing for remote access, information gathering, and other forms of cyber espionage.