Joyce Cyber LLC

Select Committee on the Chinese Communist Party Hearing 3/5/2025

Rob Joyce • March 7, 2025

China’s Cyber Threats to Critical Infrastructure & TP-Link Router Risk


I recently had the honor to testify before the House Select Committee on the Chinese Communist Party to address the growing cybersecurity threats posed by the People’s Republic of China (PRC). As the former Director of Cybersecurity at NSA, I have seen firsthand how Chinese state-sponsored hackers have evolved from stealing intellectual property to preparing for destructive cyberattacks against U.S. infrastructure. The hearing also featured expert testimony from Dr. Emma M. Stewart, Chief Power Grid Scientist at Idaho National Laboratory, and Ms. Laura Galante, former Director of the Cyber Threat Intelligence Integration Center at ODNI. Together, we discussed how China’s cyber operations threaten America’s security, economy, and digital resilience.


PRC Cyber Campaigns Targeting U.S. Critical Infrastructure


Chinese hackers have infiltrated vital U.S. infrastructure, including power grids, pipelines, water treatment facilities, and telecommunications networks. Intelligence reports indicate that they have implanted malware within these systems, allowing them to disrupt critical services in times of crisis. A recent campaign, Volt Typhoon, revealed China’s efforts to preposition its cyber capabilities inside U.S. infrastructure, not just for espionage but for potential physical disruption of essential services.


Beyond infrastructure attacks, Chinese cyber actors steal intellectual property from American businesses, universities, and government agencies. These thefts have fueled China’s rapid advancements in military technology and artificial intelligence, undermining U.S. innovation and economic competitiveness.


Cyber Operations Aimed at Disruption


China’s cyber strategy has expanded from intelligence gathering to creating societal panic. The FBI and U.S. intelligence community warn that China’s hackers could disable power grids, disrupt emergency services, and paralyze financial institutions to create chaos and weaken America’s ability to respond to geopolitical crises. If tensions escalate over Taiwan or other global conflicts, Beijing could exploit its digital foothold to cause widespread instability.


TP-Link Routers: A Security Concern


One overlooked risk is technology that millions of Americans unknowingly rely on: routers from TP-Link, a Chinese manufacturer of Wi-Fi routers. TP-Link, the world’s largest manufacturer of commercial Wi-Fi and home routers, has grown to at least 60% of the U.S. retail market for Wi-Fi systems and SoHo routers, compared with about 10% of the market at the start of 2019. This rapid expansion, largely due to pricing below profitable levels and aggressive market tactics, has raised national security concerns. Chinese state-backed hackers have previously exploited TP-Link devices in cyberattacks. Worse, TP-Link, like all Chinese companies, is subject to PRC intelligence laws, meaning the Chinese government could compel it to provide backdoor access to American networks through software updates. Given its dominance in the U.S. market, this creates a significant vulnerability in both home and business networks.


Strengthening U.S. Cyber Defenses


To mitigate these threats, the U.S. must take decisive action across three key areas:


  • First, we must improve our tools to deter these PRC actions. Deterrence is not just about strengthening cyber defenses—it requires a comprehensive approach that makes clear to Chinese leadership that cyber aggression will have consequences. This means leveraging offensive cyber capabilities to disrupt their operations, economic sanctions, public indictments, international law enforcement actions, and diplomatic pressure. Additionally, export controls and intelligence sharing with allies and private industry must be expanded to limit China’s ability to exploit our technology for cyber operations.


  • Second, we need stronger defenses. The U.S. must make substantial investments in cybersecurity to protect critical infrastructure and private-sector systems. Too many organizations fail to patch known vulnerabilities, making them easy targets for PRC hackers. Regulatory measures should drive stronger security practices in software development and hardware supply chains. Additionally, the U.S. must remove high-risk PRC-controlled technologies, including TP-Link routers, from our networks to close off potential attack vectors.


  • Finally, even as our defenses improve, we must assume our adversaries will still come at us, so we must plan to be resilient. Cyberattacks will happen despite our best efforts, so we must focus on limiting their impact and ensuring rapid recovery. This includes building in redundancies, strengthening incident response capabilities, and preparing the public and private sectors to operate through cyber disruptions. Reducing our exposure and improving coordination across industries and government agencies will ensure we can withstand and recover from cyberattacks quickly.


China’s cyber strategy represents a long-term, strategic challenge to U.S. security. Strengthening cyber defenses, securing infrastructure, and eliminating high-risk technologies will be critical to protecting national security.


You can read my opening statement here: 


https://selectcommitteeontheccp.house.gov/media/witness-testimony/witness-testimony-end-typhoons-how-deter-beijings-cyber-actions-and-enhance
