Vendor says it is the victim of a smear campaign
Pro
Image: David Hou via Pexels
Congressional Republicans in the have called on the US Dept of Commerce to prohibit the Chinese networking equipment company TP-Link.
A letter from 17 lawmakers, led by Senate Intelligence Committee Chair Tom Cotton, cited the national security risks of embedding Chinese technology in US supply chains.
President Donald Trump gave the Dept of Commerce far-reaching powers to restrict US technology purchases on cyber security grounds in his first term, and his current team sees Beijing as the US’ most formidable adversary.
Cotton’s letter reflects the appetite among many congressional Republicans for strict controls on Chinese companies’ ability to access the US market, especially when their products could jeopardise national security. “TP-Link’s deep ties to the Chinese Communist Party (CCP), use of predatory pricing to eliminate trusted US alternatives, and role in embedding foreign surveillance and destructive capabilities into our networks render it a clear and present danger,” the lawmakers wrote to Commerce Secretary Howard Lutnick.
The letter’s signatories pointed to the dangers of security flaws in TP-Link’s small office/home office routers, a popular target of the Chinese hackers behind alarming breaches of US’ critical infrastructure.
Over the past decade, administrations of both parties have tried to address the cyber security vulnerabilities created by the US’s use of technology supplied by companies based in adversarial nations. In 2017, the first Trump administration banned the Russian antivirus software maker Kaspersky from federal government networks, and in 2024, the Biden administration followed up with a total nationwide ban on Kaspersky use. Both administrations also prohibited various purchases of telecommunications and surveillance technology from Chinese firms Huawei and ZTE. Those companies were relatively easy to block from the US. TP-Link’s products are much more popular, however, so a ban may be more difficult. Critics of the company point to its market share as evidence of the risk it poses; the company recently disputed claims about its hold on the US market, calling them “grossly inflated”.
TP-Link has also disputed other allegations that the congressional letter repeats, including that the company is subject to intrusive Chinese data access laws, that its products are uniquely riddled with security flaws and that it has rejected industry efforts to combat Chinese botnets.
The company told website Cybersecurity Dive in a statement that the latest letter made “categorically false” allegations. “TP-Link has been the victim of a smear campaign, driven by the goal of removing a competitor from the marketplace,” the company said. “The Commerce Department does not have legal authority to immediately prohibit sales of TP-Link products. But we are confident that any… investigation will lead the Commerce Department to recognise the security of TP-Link’s operations and products.”
Lawmakers on both sides of the aisle have repeatedly urged the US government to ban TP-Link. But the true extent of the risk that the company poses remains unclear.
“This is nice to have, but not essential,” said Paul Rosenzweig, a former Dept of Homeland Security official, who argued that TP-Link was “much less of a risk” than Huawei. In addition, Rosenzweig said, banning the company “seems inconsistent” with Trump’s attempts to negotiate a trade deal with China.
The Trump administration has yet to announce a plan for addressing supply chain security risks. Its decision on a TP-Link ban could provide a hint of how it intends to balance national security and global trade concerns.
Cybersecurity Dive
link