A ban on Chinese-made 5G parts may be needed if companies do not create their own supply following the Huawei ban, a GCHQ chief has warned.
Dr Ian Levy, technical developer for the National Cyber Security Centre (NCSC) arm of the security agency, told MPs the Government may need to introduce a "market cap" on kit from "high-risk vendors" if trusted suppliers cannot fill the void left by the decision to remove all Huawei components from the UK network by 2027.
It comes as an Australian ambassador said his country had also banned Huawei because letting it into its 5G infrastructure was akin to "handing over the keys to the car".
The Government banned the Chinese company from the UK network earlier this year over fears that its kit could be exploited by the communist state’s security services.
Chinese laws mandate that its companies have to co-operate with the national security apparatus if ordered to do so.
Appearing before the science and technology committee, Dr Levy was asked whether there was not still a threat to the UK if many of the parts used by the remaining 5G vendors, Nokia and Ericsson, were still made or assembled in China.
Mr Levy said risk was far reduced if the components were designed and manufactured in the West and only assembled or partly manufactured in high-risk countries.
Asked whether the NCSC was advising the Government that it needed to implement a cap on Chinese components, he said: "That [a market cap] may be a useful thing to do for certain high-value, high-impact components. It is a question about whether that is useful for, for example, just sticking components on boards.
"If the market won't gravitate there [towards a diverse supply chain] itself, we would ask for incentivisation."
Dr Levy said a cap was "not yet" needed and the agency wanted to see how the market reacted in the wake of the ban.
Meanwhile, Dr Tobias Feakin, an ambassador for cyber affairs and critical technology for the Australian government, told MPs his country had opted to ban Huawei in 2018 because with 5G it is harder to limit risky components to "peripheral" parts of the network, as could be done with earlier generations of mobile technology.
He said: "Essentially, to over-simplify, it was a matter of giving away the keys to the car."