Linked articles

From Lutèce to CitéLibre: the city of Paris offers a suite of free software for local authorities

During the OW2con'2022 conference, the city of Paris announced on June 8th the release of an open source software suite, named "CitéLibre"."We want to reduce the technical step to facilitate the testing and adoption of these IT tools," says Philippe Bareille, head of the digital project at the city of Paris. Gazette des Communes, Philippe Bareille, digital project manager for the city of Paris. Lutetia, a free gate motor Lutetia is a free and open source portal engine that allows you to quickly create a dynamic web site or application.The Lutèce project was initiated in 2001 in order to provide the 20 borough councils of Paris with a digital content management tool. Developed by the Direction des Systèmes et Technologies de l'Information (DSTI) since 2001, it is today the base on which most of the new digital services set up by the city of Paris are based.Lutece allows to customize one of the 500 modules (plugins) or to create one to meet specific needs. More than 250 applications of the City of Paris are built around Lutece: from tennis courts management to land use, from reimbursement requests to "Dans Ma Rue", the application that allows residents to report problems on the public highway.The Lutetia source code has been open since 2005. It joined the OW2 association code base in September 2014 as part of the OW2 "OSS in Big Cities" initiative.However, Lutetia is currently only used by a limited number of local authorities such as Lyon, Mont-de-Marsan, or even Météo France whose site is based on Lutetia since 2005.This limited use of Lutetia by other communities convinced the City of Paris to clarify its offer, by distinguishing the Lutetia portal engine and CitéLibre, a series of ready-to-use software packages. The CitéLibre software suite With the launch of the suite CitéLibre, With the launch of the CitéLibre suite, the City of Paris intends to facilitate the adoption of the solutions it has developed by other local authorities: " CitéLibre is a pre-installed suite that enables the rapid deployment of digital services dedicated to local authorities," explains Philippe Bareille. "We want to avoid the headache of discovering 500 different functionalities. Here, we have pre-selected the most common uses in Paris and we can take advantage of them without coding. Eventually, the goal is to offer a complete suite where all you have to do is check off the solutions you want to implement.This suite is composed, in a first step, of two ready-to-use softwares: one for the management of appointments, and the other for the creation and the follow-up of forms. Software for citizen participation will be available soon. All of them use the latest version of the Lutèce 7.0.5 kernel, as it is used and works at the City of Paris.

• Innovation

Published on 22/06/22



[Feature] Local authorities facing cybersecurity issues: what levers for action?

Foreword"Local authorities of all sizes have become targets of cyber-malicious acts in increasing numbers (blocked information systems, interrupted missions to serve their constituents, etc.). A digital security incident can occur at any time and in any community " (CyberMalveillance Platform 2021 Activity Report)Since 2017, the national system for awareness, prevention and assistance to victims of cyber-malicious acts has been carried by the public interest grouping (GIP) ACYMA. This grouping brings together, in addition to the National Agency for Information Systems Security (ANSSI), the National Agency for Territorial Cohesion (ANCT) and the main ministries, actors from civil society (consumer or victim assistance associations, professional representations such as federations or unions, insurers, operators, software publishers) and representatives of local authorities.The government, through the France Recovery Plan, has allocated 136 million under the supervision of the French National Agency for Information Systems Security (ANSSI), to increase the cybersecurity of public services and local authorities.Two schemes are already in place: cybersecurity pathways and the incubation program for regional cyber incident response centers (CSRIT) which is aimed at the regions.A new system, aimed at the smallest municipalities and communities of municipalities, completes the system: aid to local authorities will be channeled through digital sharing structures, which are the only ones authorized to apply for projects. the call for projects launched on March 24, 2022 by the ANSSI. ContentsCommunities: Ransomware tops the list of assistance searches on the Cybermalveillance platformUnequal preparation of communities for risksAn awareness program for elected officialsCybersecurity courses, as part of the Recovery Plan, for communitiesRegional cyber incident response centersA new scheme to support the acquisition and deployment of cybersecurity products and services in communitiesThe Senate encourages the pooling of resources on an intermunicipal or departmental scale Communities: Ransomware tops the list of assistance searches on the Cybermalveillance platformThe platform Cybermalveillance.gouv.fr platform allows victims of cyber-maliciousness to request assistance and to learn about the steps to take. After filling out a questionnaire, the victim is directed to local service providers likely to meet his or her technical needs.The Cybermalveillance platform recorded 173,000 requests for assistance in 2021 requests for assistance: an increase of 65% (the increase was +155% in 2020, all victims combined). 2% of these requests for assistance came from local authorities. For local authorities, ransomware was in first place in 2021 in assistance searches: slightly up from 2020 (+5%). Likewise, phishing has risen considerably for local authorities, from 5th to 2nd place, an increase of +60%.Online account hacking retains its 3rd place, albeit with +50% growth over the previous year. As for personal data breaches, they rise in 2021 from 9th to 4th place, up +75%.In 2021, 2,100 local authorities and administrations benefited from online assistance: a volume that is globally stable compared to the previous year, which had been a year of very strong growth. The strong pressure of cyber-malware in local authorities has not weakened for two years now, concludes the platform.activity report Unequal preparation of local authorities for risks6 out of 10 communities say they have implemented cybersecurity measuresAt the beginning of 2021, France Urbaine conducted a barometer of digital maturity in metropolises France Urbaine conducted a survey in early 2021 of 12 metropolises, 10 agglomerations and urban communities, and 12 cities with a total population of nearly 18 million.)According to the survey, "more than 6 out of 10 communities say they have implemented cybersecurity measures." For its part, the FNCCR conducted a study in 2021 on the "In 4 out of 10 local authorities, the subject of IT security is still not being addressed at the highest level and is not part of overall governance. In addition, barely half of local authorities are beginning to have a complete and up-to-date view of digital risks. The BCP (Business Continuity Plan) and DRP (Business Continuity Plan) have been fully implemented in only 3 out of 10 local authorities.FNCCR: Only 12% of local authorities understand the challenges of cybersecuritycybersecurity issues in smart cities and territories." "In the face of increasing risks, the authors of the study note"a level of skills and resources vary significantly depending on the profile of the communities, but remain clearly insufficient. Only 12% of the structures surveyed are aware of concrete legal mechanisms to address cybersecurity issues." Cybersecurity issues are still not systematically integrated into the design of digital development and smart territory projects in the majority of local authorities. Thus, 84% of the communities surveyed do not perceive cybersecurity as a hindrance to the launch of smart projects, or do not have an opinion on the issue." The impacts seen or felt are not always easily quantifiable in terms of costs for communities. The impacts in terms of trust and reputation are thus unquantifiable, but can be very strong for a community."  To date, awareness of cyber risk among the local authorities surveyed is still uneven. This can be explained by several factors: observe the authors of the study. conducted a survey at the end of 2021 among local authorities of less than 3,500 inhabitants, which represent 91% of municipalities in France, in order to understand the digital uses, identify the risks / threats and understand the needs in this type of structure to provide useful and concrete responses.The appropriation of the cybersecurity theme by the elected officials of local authorities is sometimes incomplete, because the subject is still perceived as purely technical and should only involve certain specialized actors;Cybersecurity issues within a local authority are often dealt with in silos, with a lack of cross-functional vision between business units;The work of acculturation and awareness of the agents of the communities to the risks of cyberattacks does not seem to be a priority in many communities;Larger communities seem to have a better understanding of cybersecurity risk and, in general, small and medium-sized communities underestimate the risks, thinking they are "The human factor is still too often blamed in local authorities, so it is necessary to work hard at all levels to raise awareness of cybersecurity issues: training, dissemination of best practices, a culture of vigilance on a daily basis, etc. This awareness-raising must be aimed at everyone in order to decompartmentalize the subject of cybersecurity, which is no longer the exclusive concern of technicians but of all those who use digital technology within the local authority. This awareness-raising must be aimed at everyone in order to decompartmentalize the subject of cybersecurity, which no longer exclusively concerns technicians, but all those who use digital technology within the community.Cybersecurity is not integrated in anticipation as a major issue in smart cities and territories projects from the design stage.Cybersecurity in local authorities of less than 3,500 inhabitantsCybermalveillance.gouv.frinvestigationAmong the major areas that emerged from the study:77% of the communities have a small computer park (less than 5 computers);77% outsource their IT management;65% think the risk is low or non-existent or do not know how to assess it;Sharing passwords or mixing professional and personal uses are regularly practiced digital uses at risk;of the barriers to digital security. An awareness program for elected officialsFaced with the increase in cyber attacks against local authorities, Cybermalveillance.gouv.fr has created a working group dedicated to this audience, composed of ANSSI, Avicca, Banque des Territoires, CoTer Numérique and Déclic, and launched a awareness program for elected officials.It consists of three steps:Threats and essential reflexes for the digital security of communities: Cybermalveillance.gouv.fr answers the questions of two mayors on the main digital threats encountered by communities and their consequences, by providing advice on the first essential actions to adopt in digital security.Vigilance in the face of cyber attacks: The site publishes testimonies from municipalities that have been victims of various forms of cyber attacks, followed by advice to enable communities to better arm themselves and anticipate the risks.Awareness of digital risks: The cybermalveillance platform offers a series of resources for local authorities.Awareness videos on digital risksThree sheets: password management, elected officials/pro/personal use, phishingMaterials to summarize the first steps to take in case of a cyber attacka quick self-diagnosis to help elected officialspractical guides in cybersecurity Cybersecurity courses, as part of the Recovery Plan, for communitiesAs part of France Relance, the Government has allocated €1.7 billion in investments to the digital transformation of the State and its territories. This plan includes a "cybersecurity component," led by the National Agency for Information Systems Security (ANSSI), which amounts to €136 million over the period 2021-2022."The cyber courses, ANSSI reminds us, are open to voluntary public entities, with an information system of a few dozen machines, a referent for information systems security and a commitment to use at least 5% of their IT budget for their cybersecurity."The ANSSI has designed the courses so that they can be " industrialized " and entrusted to private service providers, with each entity benefiting from " consistent support and quality services".Each course includes three phases: a pre-diagnosis of the structure's level of cyber maturity to properly calibrate the interventions, an "initial pack" including a security audit, awareness-raising actions and the design of a security plan. These actions are completed if necessary by a "relay pack" for the installation of additional hardware or software.As of December 31, 2021, 626 facilities, for more than 990 candidates, had benefited from an e-learning pathway, with more than 54 service providers selected by the agency to lead them in the field. Regional cyber incident response centersANSSI is supporting seven regions in the implementation of a regional cyber incident response center. regional cyber incident response center.These CISRTs (Computer Security Incident Response Teams) will be responsible for raising awareness and training local players in good cyber practices. They will then help to report cyber incidents. Their experts will help the victims to qualify the incidents in order to put them in touch with the most appropriate structures to assist them in their resolution."Relying on the economic and social development competence devolved to the regions, ANSSI is providing financial support via a grant of up to one million euros to each volunteer region and methodological support in the form of a four-month training program. This incubation will enable the regional CSIRTs to become rapidly operational in order to respond in a relevant and efficient manner to the needs identified, while fully integrating into the territorial and national ecosystem. Eventually, the objective is to network the regional CSIRTs within InterCERT France - the French network of CSIRTs - in order to create a cooperation and sharing group dedicated to their territorial challenges. A new scheme to support the acquisition and deployment of cybersecurity products and services in communitiesAs part of the cybersecurity component of France Relance, ANSSI has launched a new device to support the acquisition and deployment of cybersecurity products and services in local authorities. This deployment will take place through the territorial structures in charge of the digital management of local authorities: digital service operators, mixed syndicates or management centers will therefore carry out projects for their members.Beyond the cybersecurity course, this new mechanism is intended primarily to help the smallest municipalities and communities of municipalities.Its goal: to support the acquisition, by the structures in charge of the digital transformation of the communities, of products and mutualized services for their members. These products and services must reinforce the level of cybersecurity of the beneficiary structures in a simple way and in adequacy with their immediate cybersecurity needs.The system is accessible to sharing structures in charge of supporting the digital transformation of local authorities. Only public structures, associations or public interest groups can be subsidized. The Senate encourages the pooling of resources on an intermunicipal or departmental scaleThe Senate's delegation for local authorities published on December 9 its report on a roundtable discussion on the challenge of cybersecurity. The report delegation's report highlights the extent of the cyber risk for all territorial organizations, as indicated by a map produced by the Cybermalveillance platform.Location of assistance requests (Source: Senate 2022, Acyma, 2021)Despite awareness campaigns, the awareness of elected officials is "uneven and insufficient" , observe the rapporteurs. " Due to a lack of time, but also of skills and qualified human resources, small municipalities are sometimes content to install an anti-virus system on an ad hoc basis, whereas cybersecurity must be constantly updated.Noting that only large communities benefit from support from the ANSSI, the Senate Delegation recommends the pooling of resources on an inter-municipal or departmental scale. " In this context, pooling resources as close as possible to the local authorities concerned is a wise choice for pooling efforts, confronting shortages of qualified professionals and thus setting up collective protection. However, she points out " the psychological obstacles" that this pooling could encounter.The Senate delegation concludes with a series of recommendations" Raise awareness of cybersecurity issues among elected municipal and inter-municipal officials and their departments.Applying the principle of subsidiarity to digital security policyTwo criteria must be taken into account when assessing the appropriate level of intervention: financial sustainability and the technical expertise required. This principle would allow small communities, identified as "weak links", to benefit from enhanced digital protection through pooling. The scale of relevance must be assessed in concrete terms according to territorial realities. It can be either an inter-municipal or departmental level. However, this recommendation presupposes that the psychological brakes related to the sensitivity of the data of the communes and the correlative fear of transferring them are removed.Put in place plans or procedures for business continuity and recovery in the event of a digital crisis: Emergency measures to be taken, service providers to be contacted, notification to public authorities such as CNIL and ANSSI...).Revaluate the functions of the CISO (Information Systems Security Manager) in local authorities of a certain size. The aim is to make this position a true "digital security director" whose functions should not be perceived as solely technical. The strategic nature of this function must be reflected in the remuneration offered as well as in the organization chart of the services (attachment to the General Management for example).

• Innovation

Published on 23/06/22



[File] "Intelligent" territories: what objectives, what values, what strategic framework?

Smart cities" is a concept that originated in the early 2000s with North American technology companies. In France, " smart cities" are local initiatives, most often led by local governments and their associations, that aim to harness the potential of megadata to improve public services for users (transportation, water distribution, sanitation, waste management, roads, street lighting, etc.).But what is a "smart city"? Is a "smart city" necessarily a digital city? If cities are more connected and better managed, do they meet the expectations of citizens?In 2021, more than 200 territories in France will be involved in projects integrating digital innovations. While some projects are at the forefront, the concepts of "smart city" and "smart territory" in France today encompass very different realities. Each local authority has its own projects, and sometimes promotes them vigorously. The companies that support them also contribute to this diversity.In a report very well documented report, the General Inspection of the Administration (IGA) noted the "dynamics of intelligent territories" while pointing out the absence of a strategic framework. In a study, also very complete, a consortium of consultants undertook, at the request of the Direction Générale des Entreprises (DGE), to " to define a possible French model of intelligent territory ". After having tried to promote a common vision of the European intelligent territory, via the "Intelligent Cities Challenge".Before highlighting the rich lessons of these two recent reports, let's revisit the warnings, expressed as early as 2017, by Jean Haëntjens and the CNIL's Digital Innovation Laboratory on the urban governance issues posed by the "smart city" as initially introduced by major players in the digital economy. "Political city" or "digitized service city"?The economist and urban planner Jean Haëntjens, in a synthesis book, " Smart city, intelligent city: what models for tomorrow? "published by the Documentation Française, looks back at the foundations of this very particular form of intelligence that is the intelligence of cities. " Companies, including the Gafams, have invested entire sectors of the urban economy: transportation, distribution, housing, tourism, etc. They are multiplying their smart offers. They are multiplying their smart offers. For Jean Haëntjens, "the smart city offer, as it is formulated today by the major players in the digital economy, is not only a technical offer; it is also a cultural, societal and political offer.According to Jean Haëntjens, a confrontation is now open between two radically different conceptions of urban governance: "Until recently," the author reminds us, "the strategic importance of this confrontation seems to have been largely underestimated by political leaders. Fascinated by the technical promises of the smart city offer, they have shown little interest in the economic, cultural, political and ideological content of this offer. They have often been in the forefront of welcoming Amazon's plans to set up shop before measuring the negative consequences for local commerce."On the one hand, the political city, governed by a mayor elected by citizens, whose mission is to seek the long-term general interest;on the other hand, a digitalized city as a service (city as a service) aiming to respond in real time to the demands of urban consumers and driven by companies that ensure both the collection of data and their processing by algorithms.In a more fundamental way, "two conceptions of space are being opposed. The first, that of the political city, privileges the public and real space; the second, that of the digitalized city-service, privileges the private and virtual space".The principle of a confrontation between political city and digitized city-service, which could still seem theoretical in 2017, has now become a reality. " Many cities have found that navigation applications such as Waze (a subsidiary of Google) were disrupting their traffic plans. This application aims to recommend to drivers the shortest travel time without taking into account the nuisance caused by passing a school or a hospital.Starting in 2017, several cities (Barcelona, London, Lyon, Milan, Paris, etc.) have thus been forced to react very actively to offers from Uber, Airbnb or self-service skateboard rental companies. "They have shown that they retain control of public space. Elected officials who had spontaneously embraced the smart city concept also realized that opinions did not follow them. In France, a survey conducted in September 2017 by Obsoco (Observatoire société et consommation) already revealed a great discrepancy between what may appear to be a goal pursued by some elected officials (the hyperconnected metropolis) and that of the French (the average city, peaceful, operating on proximity and neighborly relations). Since then, French people's distrust of technosolutionism, digital giants, and digital liberalism has only grown. Putting the City's data on the map: four scenarios from the CNILIn 2017, the CNIL's Digital Innovation Laboratory (LINC) devoted, a prospective notebook on the political and social issues of data in the city.Highlighting the consequences of the " datafication " of cities on public policies, and in particular on the relationships and power relations between private platforms and urban decision-makers, this study puts the "Smart City" approaches into perspective through the lens of the platform economy, and the power relations between public actors, private actors (in mobility, flows, civic techs) and citizens. In the last part, the study explores four prospective regulatory scenarios that would allow for a private/public rebalancing through data. How to organize a return to the public actor of data produced through individuals in the context of services provided by private actors? How can we allow these public actors to reuse this high value-added data for purposes of general interest, while respecting the rights of the companies in question, as well as the rights and freedoms of the individuals concerned?When the economic models of platforms transform the city: the arrival of major digital players in urban services (Sidewalk CityLab, Waze, Uber or Facebook) raises questions about the quid pro quo asked of individuals, and about those asked of public players.The fluid city: who benefits from the flows? The promise of the fluid city raises the question of the freedom and rights of individuals, who sometimes tend to be reduced to the status of the city's encumbrances, a sum of elements to be optimized and problems to be resolved by technology.Towards a "private browsing" mode in public space? The imperatives of security and the generalization of the devices of capture put at evil the anonymity, however constitutive of the city.These four proposals range from "mandatory private open data" to "citizen portability" through "augmented general interest data", and data access platform solutions. Intelligent territory and connected local public service: which tools for a controlled development?The IGA in a report on intelligent territories and connected local public servicespublished in January 2022, the IGA noted the "dynamics of intelligent territories".A wide variety of local initiativesThis theme of intelligent cities and territories is "one of the aspects of current territorial development policies. It marks an evolution in the relationship between digital technology and public initiative, "still largely dominated,in terms of financial commitment, by the question of infrastructure, from the deployment of successive generations of mobile telephony to that of optical fiber . "This dynamic is not uniform across the country," the authors of the report observe. It is reflected in "an extraordinary variety of local initiatives. These initiatives sometimes claim to be intelligent territories, and sometimes they are de facto linked to them. The projects launched tend to meet several objectives: optimizing public services (budget savings, reducing environmental impact, user satisfaction), renewing citizen participation in local public life, and increasing the attractiveness of a territory.A lack of strategic frameworkThe IGA mission points to " a frequent absence of strategy and evaluation of the coherence and impact of digital developments." These weaknesses can, however, be explained by the strong evolutionary nature of possible uses and technological solutions. Consequently, it is much more the pooling of practices, solutions, and feedback (including failures), than the construction of a model, the contours of which would clash with the very specific needs of each territory, that can be beneficial to the actors carrying these projects. Although exchange networks exist, through associations of elected officials or support institutions, there is no single formalized place for pooling. The state can play a leading role in this, facilitating pooling at both the national and local levels." Despite a few models that are thought out and globally represented as such (e.g. Angers, Dijon), which nevertheless regularly start with a defined number of uses (or "business verticals": lighting, roads, water/sanitation, etc.), the iterative approach dominates." " Local actors face obstacles when it comes to placing smart territory projects within a strategic and programmatic framework: the diffuse nature of the digital revolution, which affects trades that were previously managed in silos in a transverse manner, the speed of technological innovation , but also the inadequacy or even absence of engineering for the development of their projects. On this basis, "there is no set model for intelligent territories, but a set of principles, objectives and fields of action that can bring them together, sometimes enlightened by shared experiences.Insufficient consideration of security, sovereignty and digital sobriety issuesThe IGA mission also points to a consideration of the issues of security, sovereignty and digital sobriety " still insufficient, although it is progressing." The increase in computer attacks makes local actors more receptive to the recommendations of the National Agency for Information Systems Security (ANSSI), which plays a central role in security and requires a sustainable effort."The IGA mission proposes the following definition of sovereignty: "Sovereignty is a field close to security, but which refers to the control of the use of the data collected. As these are the results of public action, even under delegated management, it is legitimate for the local authorities responsible for the services in question to retain the lead role in this area. However, they are sometimes in difficulty when faced with service providers who, for example, withhold information in the name of business secrecy, or when faced with digital companies whose capacity to capture and exploit data is often much greater than that of public actors and who are fond of data that is considered open.The Mission observes that local authorities "experience in a very concrete way the relationship, sometimes a power struggle, with large private entities and in particular with GAFAM (Google, Apple, Facebook, Amazon ), sometimes trying to remedy the situation (e.g., the data charter in Nantes mentioned above). But they are often deprived in terms of technical means and levers of action.Assessing the overall environmental impact of digital technology "is still a new subject, which requires the deployment of new methodologies.Local digital governance is not very participatory, despite emerging initiatives "Moving from very top-down approaches, sometimes justified by technical reasons, to a construction involving citizens and users is a necessity, if only to facilitate the acceptance of new forms of public service.In this regard, the IGA mission points out " several shortcomings in the way connected territory projects are governed: an organization in silos, a very vertical operation, a lack of expertise, little anticipation (...) But above all, the production of digital developments of public services has a common characteristic: it is a top-down production generally conceived and/or put into service with little or no participation of its recipients, whether they are agents or users.Do not exclude a part of the population from access to public servicesAll the actors we met, " the authors of the report point out, "have identified the risk of smart territories that would exclude part of the population from access to public services. As a result, many initiatives led by the State (digital advisors), local authorities (digital inclusion actions, maintaining a mix of physical and digital public services) and associations have been put in place to limit the risk of exclusion. These one-off measures must be part of a long-term approach that takes into account the digital revolution and the transformation of public services.A flexible and agile framework and a sharing of practicesFor the authors of the report, " the balanced and optimized deployment of intelligent territories suffers from this lack of a strategic framework, just as it suffers from shortcomings in terms of evaluation": they call for the construction of a development model as well as the sharing of practices."The successful development of digital uses of local public services requires both a flexible and agile framework and a better-constructed support offer to territories, particularly by the State.On the first point, the IGA mission notes first of all " the need for local actors to take the measure of user demand and to encourage participatory approaches in the analysis of needs and the identification of the digital public service offer. But to be satisfied, this approach should be largely inspired by the provision to local authorities of a simplified methodology inspired by impact studies or even adapted public utility surveys. In this respect, and in order to compensate for the lack of local expert resources, either internal or external, for many local authorities, the Mission calls for "the development of structures for the pooling of resources, such as mixed syndicates"."More generally, the authors of the report add, "if local actors do not demand that a 'ready-made' digital development model be proposed to them, they remain, on the whole, quite helpless when it comes to building a 'tailor-made' response to the needs of their territory in this area.Expectations of the StateAt the central level, however diverse it may be, the State's action " lacks coordination and legibility. It needs clearer guidance and affirmation of its position in the fields where it is most expected by the decentralized authorities: security and sovereignty, standardization and its industrial impacts, evaluation and experience sharing." It is also important to strengthen the capacities of decentralized services, as their current weaknesses too often prevent them from playing their role in supporting local projects, with the redeployment of available resources from infrastructures to uses being a hypothesis to explore.Expectations of the State also relate to the tools deployed. "The logic of calls for projects, while it creates a dynamic in the ecosystem and may seem adapted to a nascent and evolving subject, suffers from limitations: it instills a dynamic in "fits and starts" and only benefits project leaders who are sufficiently informed, sized and ready on the date of the launch.The IGA mission also mentions the question of " the support engineering offered to beneficiaries in need, or even the reorientation of its interventions towards a more structured multi-year approach, if it is decided to launch a national policy for intelligent territories.Finally, the State is expected to "take into account cross-cutting issues and/or issues requiring national impetus (e.g., cybersecurity, standardization), in association with local or sectoral ecosystem players (local authorities, businesses). Panorama: from the smart city to the reality of connected territoriesThe diagnosis and recommendations of the IGA are largely consistent with those of a study on the deployment of smart territory tools and methods in FranceThe IGA's diagnosis and recommendations are largely in line with those of a study on smart territory, commissioned by the Direction générale des Entreprises (DGE), the Fédération française des télécoms (FFT), the Syndicat professionnel des fabricants de fils et de câbles électriques et de communication (SYCABEL), the Alliance française des industries du numérique (AFNUM) and the INFRANUM federation (which brings together companies and territories).The objective of this study was twofold: to contribute to the definition of a possible French model of the intelligent territory and to produce recommendations to promote its definition.Its authors (a consortium including Civiteo, Datactivist - Innopublica, KPMG and Parme Avocats) conducted more than 70 hearings and interviews and led a dozen workshops between January and July 2021. In total, more than 150 people were interviewed and/or took part in collective work sessions.The authors of the study have undertaken to define what is meant by the term " intelligent territory", to conduct a survey (use cases, technologies selected, economic models, data management, mutualization, interoperability, norms and standards, use of open source) and then, by analyzing the trajectories of pioneering territories, to identify a possible French model.From smart city to smart territory"In the absence of a shared definition, the authors of the study observe, " the multiple stakeholders are today facing real difficulties. They are waiting for words to be proposed to characterize the actions underway in the territories and for concrete and workable definitions to be established behind the fragile concept of the whole.First of all, local elected officials: "whatever the size of the community, they see the opportunities and challenges of using new digital tools to improve the performance, variety and quality of services offered to their constituents. But they do not have a reference framework that explains in a simple way the meaning and relevance of the choices they make or would like to make. In addition, elected officials legitimately do not want to undergo a digital transformation that would be uniformly imposed on everyone.Then there are the companies, large groups that operate the main urban functions, infrastructure managers, digital services companies or start-ups of local or national scope: "they are seeking to stabilize one (or more) model(s) for the deployment of intelligent territories in which their service offering will provide significant value to public policies. Moreover, they "sometimes take a critical look at the capacity of local authorities to deploy large-scale projects. They point to a lack of technical expertise, cumbersome purchasing procedures and siloed operations.Inter-municipal cooperation structures, such as mixed unions and public digital service operators (PSNOs): " Historically built to spearhead territorial mutualization, they represent a key link in the territorialization of digital services and technological innovation. In some areas, they are the sole contact and supplier for small and medium-sized municipalities.The actors of the territories concerned, moreover, are obviously numerous. Citizens, users of public services, associations, training establishments, various businesses in the territories, merchants, public establishments, actors in the mixed economy and the social and solidarity economy or in the health sector: "All are potentially beneficiaries and impacted by territorial management choices. In the absence of a model or a definition that is available and easily shared, they are confronted with difficulties in understanding the issues at stake, and this creates the risk of misunderstandings, controversies and polemics.Terminology: Smart City or intelligent territory?A first result of this study is to "settle the question of words. " The majority of the actors interviewed prefer the term " smart city " to "smart territory".This is due to the very nature of the territories involved. "In 2017, less than thirty territories had initiated a smart project. All were major cities or metropolises. In 2021, more than 200 territories in France have initiated projects incorporating digital innovations. They are of all sizes. The issue is no longer that of cities, but that of territories (urban, suburban, rural).If " the ingenious and positive dimension of the word smart is not fully reflected in the choice of the word intelligent (clever)", it is adopted as such and "suits (almost) everyone"."An intelligent territory is structured on the basis of objectives, but also of principles and values.A smart territory is defined first and foremost by the use of digital tools. It mobilizes new tools and makes digital innovation a political issue (or even a public policy in its own right). "Local public services are therefore engaged in a process of digital transformation for one or more core businesses of territorial action. Since this transformation involves the collection and production, then the transport, storage and processing of data, the territory is also described as "connected". (in reference to the interactions between the Internet of Things and the new capacity to link different fields of public action, previously compartmentalized).This technical characteristic does not embrace the whole dimension of the subject: "An intelligent territory is structured from objectives, but also from principles and values".An intelligent territory must, moreover: In sum, the authors conclude, " if the territory is intelligent, it is because the actors who live there are able to shape it thanks to a reasoned use of the technologies that are present there.to inscribe its action in principles concerning ecological transitions, the carbon footprint of public action and the territory, and the trajectories necessary to respect the Paris - COP21 agreements.to contribute to the better living of its inhabitants by providing them with the best possible services, more proximity, more services respectful of the environment and health, more inclusion.involve citizens. It contributes to participatory democracy, to the co-construction of public decisions and to the evaluation of public policies through new tools.know how to mobilize all its resources, human, financial and environmental, to transform itself.A smart territory is first and foremost a territory"Building an intelligent territory is a way of building and implementing a territorial project. Or more precisely, a way of affirming that the method is consubstantial with the project.This construction is local: it involves the actors of the territory: these territorial actors are multiple and " an intelligent territorial project only takes shape when there is a meeting between a vision (the political project) and actors who collaborate in its construction and/or its implementation when they usually do not".In reality, the authors of the study observe a variety of configurations. " Elected officials get involved without the structured support of their administrations, managers push without the support of their elected officials. Innovative ecosystems emerge without the support of the community.Some professions and many use casesWhile "all of the local authority's business lines are now potentially concerned", certain business lines are the focus of experimentation, investment and the first effective deployments."The businesses concerned by the main investments and actual deployments have a common characteristic: they are flow businesses whose structural organization is already based on networks and whose management has long relied on data. These are mobility, energy management (including public lighting), water management and waste management.A few other professions are emerging, notably those of the environment in the broadest sense of the term (air quality, for example), heritage management, tourism and commerce, which also lend themselves to the deployment of sensors and the collection of measurements and data useful for steering public action."A few rare global projects integrate several "business verticals" but there are many territorial projects that start with one or another of the themes (for example, digitization actions in support of local businesses during the health crisis)."There is no consensus on the subject of security and the " safe city ". "Eminently political, the decision of elected officials to use innovative digital tools to build or complete security management systems in public spaces is considered by some as an essential component of the intelligent territory and by others as a component to be excluded.Technological choices and infrastructuresAll the innovations tested and deployed are based on technology and infrastructure choices."Local authorities are questioning the appropriateness of new investments and the sustainability of current choices. For certain uses, data collection from an ever-increasing variety of sensors can be done via fiber, low-speed networks, 4 or 5G. For identical projects, some companies are promoting Bluetooth technology, others Wi-Fi.Some structural questions remain unanswered to this dayData hosting: "Should we develop integrated urban data platforms for some, and use them for others? Should innovative storage technologies be used, by installing real data lakes (especially in the announced perspective of using algorithms endowed with artificial intelligence)?"Is it useful to have a digital twin, and how much does it cost? (the digital twin is a tool for simulating and anticipating the impacts of many public decisions (urban planning, mobility, energy, environment, carbon footprint...). " The current prototypes are financially inaccessible for most territories"."Should the intelligent territory project be headed by a hypervisor? This control and management tool can bring together in a single place the digital management of several urban functions (as is the case in Dijon); or it can be a software assembly of dashboards useful to elected officials and general management, with each of the technical functions managed and supervised by an autonomous system (not to say in silo).Another concern is the question of how these tools are developed: open source or not.A diversity of economic models"Defining the value chain of an intelligent territory is a complex exercise. It integrates multiple components that depend on each territory, the businesses involved, and the possible stakeholders. It is not only economic, but also social and environmental," say the authors.For some cases, an economic model can be described. In some cases, an economic model can be described: "Here, savings are made (for public finances, but also for energy or water not consumed). Elsewhere, pollution is avoided, waste is better sorted, materials are recycled. New services created thanks to richer tools and methods of cooperation thanks to digital tools. New revenues and/or avoided expenses, performance objectives, service commitments, all of these elements can be integrated into the classic management methods and contracts of territorial public action.The authors note that public and private players are "looking for simple models that provide proof of return on investment, but the legitimate diversity of expectations and the complexity of offers make this a perilous exercise.Intelligent territories: a method  The concept of intelligent territory is also defined by the method. " If we listen carefully to the stakeholders, a few principles govern it. It is almost systematically a question of transversality, experimentation and user involvement. Of course, data management plays a special role.An intelligent territory project can be designed, prepared and implemented in a global, cross-cutting and uncoordinated way, as in Dijon or Angers, or also in La Rochelle and Cozzano. It can also be deployed initially by choice of a priority (the management of downtown businesses in many "Action Cœur de ville" areas), or by opportunity (when a concession is renewed on the proposal of public lighting or parking management operators, etc.).A smart territory frequently uses learning methods that make room for experimentation, prototypes or proofs of concept (POC). "In principle, this experimental method calls for generalization and "scaling up" of successful experiments. It is clear that the method comes up against many difficulties and that the innovations incubated and validated as real sources of progress for the territory do not easily find the relays (financial, technical, methodological, human, political) allowing their deployment. Finally, the governance of an intelligent territory project is based on analyzing and listening to the needs of residents and users. "Depending on the project, more or less sophisticated design methods are used (with, for example, the use of Ux design workshops and the temporary or permanent installation of a living lab). However, these methods do not seem to be compulsory. Nor is the effective integration of residents in the governance of projects.Data managementA common feature of all the projects is the consensus among the actors of the smart territory projects: " the digital systems deployed produce, consume and use more and more massive data" . Data management is associated with data publication. The opening of data is presented both as a legal obligation and as a democratic counterpart to the increased use of digital tools and data-driven management. "In concrete terms, in France today, most local authorities that have implemented smart territory projects have at least one open data portal and are beginning to disseminate data collected or produced by these new systems.Structuring data management requires skills and tools: however, it is "very rarely anticipated in intelligent territory projects. This is true for local authorities, but it is also true for the local teams of companies in charge of operating digitized public services. While the need to build a framework and rules for data governance within smart territories is perceived by all, "no model is emerging, with the possible exception of the first legal rules experimented by a few territories.MutualizationAmong the key questions are those of mutualization: investment, public purchasing processes, governance, and sharing of experiences. "While the principle is interesting, there are still strong questions about the possible legal arrangements, the relevance of the proposed assemblies or the most effective perimeters.SovereigntyThe notion of sovereignty is very present in smart territory projects: it refers however to different meanings."For some, the intelligent territory must demonstrate economic patriotism (some local authorities express the risk of overcosting French solutions in the face of foreign competitors). For others, sovereignty is first and foremost an issue of digital sovereignty and data protection, the question being more European than French. For still others, the issue is local and the intelligent territory must guarantee territorial public sovereignty over the tools and data used to manage public services.Digital SobrietyAs smart territories integrate objectives for a sustainable ecological and energy trajectory, the issue of digital sobriety is logically brought to the fore. "While some initiatives (in La Rochelle, for example) illustrate this concern, the issue remains largely embryonic and sometimes focuses on the energy consumption of data collection and storage systems. However, it is a much broader issue, including the origin of digital equipment, its maintenance, reconditioning and the entire purchasing policy of the local authority. A set of common objectives for intelligent territories is emerging"If there is no French model of intelligent territory," conclude the authors, "the projects of intelligent territories today in France have as common objectives to use new digital tools and the piloting of public services by the data to : To do this, smart territories must:A global political project that works towards universal principles of progress by integrating responses to the challenges of ecological transitions;A local political project that contributes to the better living of the inhabitants by improving the quality, efficiency and effectiveness of the services provided to them, taking into account the political priorities and specificities of each territory;A democratic project that involves citizens in the governance of projects, ensuring that the use of digital technology does not create new divides;An economic project that contributes to the image and attractiveness of the territory for the benefit of all its stakeholders.Think about the use of digital tools in a way that is consistent with the general objectives and aim in particular for digital sobriety;Involve new actors, or make possible new forms of involvement of public and private actors of the territory (without a predefined perimeter of the new stakeholder communities);Consider opportunities for mutualization and alliance of territories;Favour agile methods in each phase of their projects;Ensure that public control of governance, digital tools and data used is maintained;Integrate more globally the principles of sovereignty in the choice of technologies and tools;Rigorously protect residents' personal data;Integrate responses to emerging cybersecurity issues. 715 local authorities committed to open public dataAccording to the OpenDataFrance Territory Open Data Observatory, in October 2021, 14% of the 4,605 local authorities concerned by the obligation to open public data had opened at least one set of data. 715 local authorities (and 178 associated organizations) publish data in open data, an increase of 21% in one year for all local authorities. The opening up of the market concerns, in the first place, the metropolises and large cities and regions. 94% of the regions, 60% of the departments and 60% of the cities with more than 100,000 inhabitants have taken steps to open up their businesses.

• Innovation

Published on 27/09/22



More than 28,000 data protection officers (DPOs): better integrated, motivated but insufficiently trained

When the General Data Protection Regulation (GDPR) came into force General Data Protection Regulation (RGPD), the number of Data Protection Officers (DPO) appointed by the CNIL was 21,000. This figure has been rising steadily to reach 25,494 in 2020 and 28,810 in 2021.L'annual study of the data protection officer professionhe annual study conducted by the Ministry of Labor shows a diversification of profiles and a growing importance of the DPO profession, whose designation is mandatory in certain cases. DPOs with more diverse profiles, but insufficient training 58% of the DPOs surveyed are satisfied with the performance of their duties; 87% are convinced of the usefulness of their position. They also wish to continue their missions with a strong motivation of 67%; 47% come from fields of expertise other than law and IT: for example, administrative and financial profiles or profiles related to quality or compliance-audit; 1/3 have not received any IT and Freedom/RGPD training since 2016, even though more and more of them are neither lawyers nor IT specialists. The profile of the DPO in 2021 72% perform their function as internal DPO; 71% work outside the Île-de-France region; 62% have a master's or doctorate degree; 63% are 40 years of age and older; 55% have been in the DPO position for 2 years or less. The study highlights an equal representation of women and men among DPOs. Internal, external or shared DPOs The RGPD has made the appointment of a data protection officer compulsory for public bodies and companies whose core business leads them to carry out regular and systematic monitoring of individuals on a large scale, collecting and re-using sensitive data or data relating to criminal convictions and offences.The appointment of a DPO is strongly recommended in all cases. The DPO allows to support the compliance with the RGPD, to answer to the requests of exercise of rights of the persons and to reduce the risks of litigation.Depending on the organizational choices of the structures, there are 3 types of DPO: Internal DPO, who is an employee of a single organization; Internal shared DPO, who is a shared employee for several data controllers; External DPO, who is independent or employed by a specialized organization (public digital services organizations, consulting firm, law firm, etc.). The study on the DPO's job was led by the Ministry of Labor, which mobilized the National Agency for Adult Vocational Training (AFPA) for this purpose. It received the support of the CNIL, the French Association of Data Protection Correspondents (AFCDP) and the ISEP, a digital engineering school.

• Data

Published on 03/06/22