The security risks and moral and other problems with buying from Chinese state–controlled companies, i.e., all Chinese companies, vary widely. Chinese-made frying pans and underwear probably do not pose the same kind of threat as Chinese-made routers that have been used in cyberattacking U.S. companies and other organizations.
Years too late, but better than never, the U.S. government is contemplating a “Ban on Chinese-Made Router in Millions of American Homes.” The bestselling router made by TP-Link “has been linked to Chinese cyberattacks” (The Wall Street Journal, December 18, 2024).
Ongoing investigation
The report states that a) TP-Link’s routers have been linked to cyberattacks and b) authorities are investigating whether the routers—the routers that have been linked to cyberattacks—are a risk to national security. Isn’t the same evidence linking the routers to cyberattacks the evidence that the routers are a national-security risk? And a business-and-home risk?
TP-Link, “established in China,” “has roughly 65% of the U.S. market for routers for homes and small businesses.”
U.S. authorities are investigating whether a Chinese company whose popular home-internet routers have been linked to cyberattacks poses a national-security risk and are considering banning the devices….
Investigators at the Commerce, Defense and Justice departments have opened their own probes into the company, and authorities could ban the sale of TP-Link routers in the U.S. next year, according to people familiar with the matter….
An analysis from Microsoft published in October found that a Chinese hacking entity maintains a large network of compromised network devices mostly comprising thousands of TP-Link routers. The network has been used by numerous Chinese actors to launch cyberattacks. These actors have gone after Western targets including think tanks, government organizations, nongovernment organizations and Defense Department suppliers….
Federal contracting documents show TP-Link routers supply everything from NASA to the Defense Department and Drug Enforcement Administration, and the routers are sold at online military exchanges.
The Journal observes that it will probably be up to the Trump administration to follow through on the proposed ban of TP-Link, whose routers are notorious for security flaws that the company “often fails to address…. While routers often have bugs, regardless of their manufacturer, TP-Link doesn’t engage with security researchers concerned about them.”
The company says that it is ready to cooperate with the U.S. government and to demonstrate that “our security practices are fully in line with industry security standards” and that TP-Link is committed to “addressing U.S. national security risks.”
Decouple
The Chinese Communist Party doesn’t want the U.S. to take steps to defend itself against Chinese cyberaggression. According to Liu Pengyu, spokesman for the Chinese embassy in DC, the United States in pondering a ban of TP-Link is wrongly using concern for national security as an excuse to “suppress Chinese companies.”
The Party’s surely justified concern about the possibility of abusing the concept of national security to rationalize wrongful ends is here misapplied.
What now? In addition to following through with the ban of TP-Link routers, we should do more of the same, i.e., undertake more outlawing of Chinese products that amount to weapons. The United States must decouple from weapons aimed at us. Hope you understand, CCP propagandists.
Also see:
Microsoft: “Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network”
“Microsoft tracks a network of compromised small office and home office (SOHO) routers as CovertNetwork-1658. SOHO routers manufactured by TP-Link make up most of this network.”
