France mutualises its network infrastructure to secure its IT

Published on: 20/07/2015
Document

The inter-ministerial network of the State (RIE) is a key project in the modernisation of the State’s information system, and by extension, of public action in France. It aims to pool the existing networks – and replace them – with a new unified infrastructure. This will connect all governmental sites, central and decentralised administrations, on French territory (including overseas territories); 17 000 sites will be connected by 2017. To date, around 4 000 sites are connected to the RIE. The objective is for 9 000 users to use the network.

  The RIE has the following aims:
  • to simplify and streamline the exchange of information between ministries and departmental entities, and to optimise services for agents and users;
  • to better secure the information system of the State and enhance the global IT security as the number of cyber attacks grows;
  • to optimise an infrastructure in order to provide unified service catalogues and reduce costs through mutualisation.

 

 

 

Policy Context

  • The inter-ministerial network of the State (RIE) was one of the measures dictated by the Prime Minister of the time at the Council of Ministers of 25 May 2011. These measures aim to strengthen the security of the State’s information systems, ‘notably in response to the proliferation of large-scale computer attacks in France’. It was decided to set up ‘an inter-ministerial security policy for the State’s information systems to homogenise and increase security in all ministries. In this context, a secure inter-ministerial network bringing together all ministries and networks and enabling the continuity of the government’s action in case of serious malfunction of the Internet, will be established.’
  • The RIE is an essential element of the digital acceleration strategy of public action and is a key focus of the roadmap of the Comité interministériel de la modernisation de l’action publique (CIMAP – the inter-ministerial committee for the modernisation of public action) of 18 December 2012. Decision No 36 deals with the modernisation and pooling of technical infrastructure, and with the strengthening of control and consistency of information systems. ‘A master plan for infrastructure to streamline the data centre at an inter-ministerial scale will be produced in the first half of 2013,’ the text states.
  • A decree of 19 December 2012 mentioned the creation of a national service called the ‘Inter-ministerial Network of the State’. The text says: ‘This service is responsible for managing the inter-ministerial network of the State, [which is] a unified network connecting all central and decentralised governmental departments, and related services’.
  • The RIE became a foundation for the State’s information system, under the responsibility of the Prime Minister, in a decision of August 2014. This system will be run by the Direction interministériel des systèmes d’information et communication (DISIC). The French State’s information technology is unique in fostering the sharing, consistency and interoperability of systems.

Description of target users and groups

RIE's target users include all of France's public administrations, particularly those involved in IT.

Description of the way to implement the initiative

France has decided to mutualise its network infrastructure by building an inter-ministerial network (Réseau Interministériel de l’état, or RIE), which will be connected to ministries and departmental authorities. By leveraging the optical network Réseau national de télécommunications pour la technologie, l'enseignement et la recherche (RENATER, the network for teaching and research in France), France has achieved savings of EUR 20 million. This vast network helps to strengthen the security of the State’s systems to ensure a unified management and maintenance, and serves as a basis for the State’s information system, which is key to the modernisation of public action.   Governance: A single operator and an inter-ministerial collaboration   The development and operation of the RIE were allocated to a single public operator, the Service à Compétence Nationale (SCN) RIE, via a decree published on 17 December 2012. This operator, attached to the DISIC, is composed of civil servants from several ministries and relies on the principles of co-creation and mutual governance.  About 40 people from nine ministries operate the SCN RIE. SCN RIE also supports the provision of native network services such as Internet access. The RIE will also deliver messaging and directory services.   A mutualised infrastructure   One of the key aspects of the RIE is that it uses an existing network. In order to reduce the building costs of a dedicated infrastructure, it was decided that the RIE should rely on the existing fibre optic network RENATER. A partnership was signed in 2012 by the Groupement d’intérêt public (GIP), RENATER and DISIC. The RENATER network is made up of 11,900 km of optical fibres, interconnecting universities, research centres, secondary schools, hospitals (Center hospitalier universitaire or CHU) and public cultural organisations.   The RIE has a 10 Gb backbone that is highly scalable, with 12 national points of collection (data centres) in which the high-speed routers are located.   Efforts to join the administrations to the RIE will be made step by step, in order to meet their needs. This interconnection is progressive so as to ensure the continuity of inter-ministerial flows of data using the interconnection network ADER / SIGMA. This network interconnects the existing ministerial networks to not only exchange data but also to allow the use of applications shared by ministries. Ultimately, 15 systems of ministries should be ported.   This progressive junction of the 17 000 sites was the subject of four tenders: one for the Ministries of Agriculture, Culture, Ecology, Interior, Health and Labour; a second for the interconnection of the 3 300 sites of the Direction Générale des dépenses publiques (DGFIP, or the General Direction of Public Finance) and the Institut National de la Statistique et des Études Économiques (INSEE); a third for the interconnection of the 4 200 sites of the National Gendarmerie; and a fourth to interconnect the 1 600 sites of the Ministry of Justice and Customs.   Securing the IT infrastructure of the State   In light of the State facing increasing cyber threats, the RIE will also improve the State’s information systems by offering a unified security management. The RIE will also ensure the resilience of the global IT infrastructure, securing the continuity of ongoing services.   The RIE provides a highly secure access to the Internet. The French company that won the tender mentions that the security gateways were implemented in order to provide ‘a flow filtering service to and from the Internet, web browsing, file transfers, email sending, and receiving to and from the Internet’.   The National Agency of Computer Security (ANSSI) works with SCN RIE to secure the global network.   Streamline data exchanges   The RIE also facilitates the exchange of cross-jurisdictional data, including in decentralised entities. Since 2010, these have been grouped into three areas:
  • Directions départementales des territoires (DDT or local direction of territories);
  • Directions départementales de la cohésion sociale et de la protection des populations (DDCS  and DDPP, or local direction for social cohesion and population safety);
  • Prefectures and sous-prefectures.
  These three entities use separate networks, the Government’s website states. DDT uses that of the Ministry of Agriculture and the Ministry of Ecology ; the DDCS and the DDPP, the network of the Ministry of Health ; and the prefectures, the Ministry of Interior. ‘[Without the RIE], communications are difficult and complex.’ 

Lessons learnt

  • A centralised maintenance.
  • The management of security through a single entry point and a single channel for exchanging data.
  • The RIE has already a proven network infrastructure and is widely deployed (RENATER). This reduces operational costs and deployment times.
  • While relying on RENATER, the RIE remains autonomous in its maintenance, its operation and its management through the SCN RIE.
  • The RIE promotes the standardisation of distribution tools (including the remote installation of applications, patches or antivirus). The aim is to make the IT infrastructure more homogeneous.
  • IT support is simplified in the ministries.  Today, the governmental entity in charge of IT support at local level (le Service Interministériel départemental des systèmes d’information et de communication, or SIDSIC) provides support through three separate networks (see above). With the RIE, IT support can be globally standardised through the use of computer tools, such as remote control.

    Costs

    By using the existing infrastructure of the fibre optic network RENATER, EUR 20 million savings have been achieved. On average, administrations could save 30 % of their annual operating budget that is currently dedicated to network administration. The cost of the overall project is estimated at less than EUR 15 million.
Scope: National

Categorisation

Type of document
General case study