This piece originally appeared in the National Interest.
TP-Link, the China-based network equipment manufacturer, is in trouble. The Department of Justice is conducting a criminal antitrust investigation into the China-based network equipment manufacturer because of its strategy of intentionally undercharging for its products to drive out competitors. Meanwhile, the ROUTERS Act, which would require the Department of Commerce to investigate security issues in America’s wireless infrastructure, specifically from routers manufactured in China, is making its way through Congress. With all these concerns coming to a head, now is an ideal time to discover just how dependent the U.S. government is on Chinese-manufactured routers, not only at the federal level but also among states and local governments.
TP-Link routers are known to be incredibly vulnerable. First, the routers are filled with technical vulnerabilities, which the National Standards and Technology (NIST) National Vulnerability Database, a compendium of software vulnerabilities, tracks. Second, because of China’s national security laws, Chinese companies such as TP-Link have to support the Chinese government’s military and intelligence goals. This can involve companies turning a blind eye to state entities using their hardware as a cyber-attack source.
In fact, TP-Link routers have already been exploited by CCP-backed hackers to target Americans. In one case, malicious firmware linked to Chinese state-sponsored hackers was implanted into TP-Link routers. In another recent case, a vulnerability in TP-Link routers was used to build an Internet of Things botnet targeting American organizations. The most high-profile event came late last year when TP-Link routers were used to attack Microsoft. These vulnerabilities are so widespread that several countries, including Taiwan, have already banned TP-Link routers from their government and educational facilities. Despite the risks, multiple federal agencies continue to use TP-Link routers, from the Department of Defense to NASA.
