cybersécurité, attaques informatiques, attacks

Governments, banks, and hospitals: all victims of cyber-attacks

Hervé Debar, Télécom SudParis – Institut Mines-Télécom

Cyber-attacks are not a new phenomenon. The first computer worm distributed via the Internet, known as the “Morris worm” after its creator, infected 10% of the 60,000 computers connected to the Internet at the time.

Published back in 1989, the novel The Cuckoo’s Egg was based on a true story of computer espionage. Since then, there have been any number of malicious events, whose multiple causes have evolved over time. The initial motivation of many hackers was their curiosity about this new technology that was largely out of the reach of ordinary people at the time. This curiosity was replaced by the lure of financial reward, leading firstly to messaging campaigns encouraging people to buy products online, and subsequently followed by denial-of-service attacks.

Over the past few years, there have been three main motivations:

  • Direct financial gain, most notably through the use of ransomware, which has claimed many victims.
  • Espionage and information-gathering, mostly state-sponsored, but also in the private sphere.
  • Data collection and manipulation (normally personal data) for propaganda or control purposes.

These motivations have been associated with two types of attack: targeted attacks, where hackers select their targets and find ways to penetrate their systems, and large-scale attacks, where the attacker’s aim is to claim as many victims as possible over an extended period of time, as their gains are directly proportional to their number of victims.

The era of ransomware

Ransomware is a type of malware which gains access to a victim’s computer through a back door before encrypting their files. A message is then displayed demanding a ransom in exchange for decrypting these files.

Kaseya cash register software

In July 2021, an attack was launched against Kaseya cash register software, which is used by several store chains. It affected the Cloud part of the service and shut down the payment systems of several retail chains.

The Colonial Pipeline attack

One recent example is the attack on the Colonial Pipeline, an oil pipeline which supplies the eastern United States. The attack took down the software used to control the flow of oil through the pipeline, leading to fuel shortages at petrol stations and airports.

This is a striking example because it affected a visible infrastructure and had a significant economic impact. However, other infrastructure – in banks, factories, and hospitals – regularly fall victim to this phenomenon. It should also be noted that these attacks are very often destructive, and that paying the ransom is not always sufficient to guarantee the recovery of one’s files.

Unfortunately, such attacks look set to continue, at least in the short-term, given the financial rewards for the perpetrators: some victims pay the ransom despite the legal and ethical questions this raises. Insurance mechanisms protecting against cyber-crime may have a detrimental effect, as the payment of ransoms only encourages hackers to continue. Governments have also introduced controls on cryptocurrencies, which are often used to pay these ransoms, in order to make payments more difficult. Paradoxically, however, payments made using cryptocurrency can be traced in a way that would be impossible with traditional methods of payment. We can therefore hope that this type of attack will become less profitable and riskier for hackers, leading to a reduction in this type of phenomenon.

Targeted, state-sponsored attacks

Infrastructure, including sovereign infrastructure (economy, finance, justice, etc.), is frequently controlled by digital systems. As a result, we have seen the development of new practices, sponsored either by governments or extremely powerful players, which implement sophisticated methods over an extended time frame in order to attain their objectives. Documented examples include the Stuxnet/Flame attack on Iran’s nuclear program, and the SolarWinds software hack.

SolarWinds

The attack targeting Orion and its SolarWinds software is a textbook example of the degree of complexity that can be employed by certain perpetrators during an attack. As a network management tool, SolarWinds plays a pivotal role in the running of computer systems and is used by many major companies as well as the American government.

The initial attack took place between January and September of 2019, targeting the SolarWinds compilation environment. Between the fall of 2019 and February 2020, the attacker interacted with this environment, embedding additional features. In February 2020, this interaction enabled the introduction of a Trojan horse called “Sunburst”, which was subsequently incorporated into SolarWinds’ updates. In this way, it became embedded in all of Orion’s clients’ systems, infecting as many as 18,000 organizations. The exploitation phase began in late 2020 when further malicious codes downloaded by Sunburst were injected, and the hacker eventually managed to breach the Office365 cloud used by the compromised companies. Malicious activity was first detected in December 2020, with the theft of software tools from the company FireEye.

This has continued throughout 2021 and has had significant impacts, underlining both the complexity and the longevity of certain types of attack. American intelligence agencies believe this attack to be the work of SVR, Russia’s foreign intelligence service, which has denied this accusation. It is likely that the strategic importance of certain targets will lead to future developments of this type of deep, targeted attack. The vital role played by digital tools in the running of our critical infrastructure will doubtless encourage states to develop cyber weapons, a phenomenon that is likely to increase in the coming years.

Social control

Revelations surrounding the Pegasus software developed by NSO have shown that certain countries can benefit significantly from compromising their adversaries’ IT equipment (including smartphones).

The example of Tetris

Tetris is the name given to a tool used (potentially by the Chinese government) to infiltrate online chat rooms and reveal the identities of possible opponents. This tool has been used on 58 sites and uses relatively complex methods to steal visitors’ identities.

“Zero-click” attacks

The Pegasus revelations shed light on what are known as “zero-click” attacks. Many attacks on messaging clients or browsers assume that an attacker will click a link, and that this click will then cause the victim to be infected. With zero-click attacks, targets are infected without any activity on their part. One ongoing example of this hack is the ForcedEntry or CVE-2021-30860 vulnerability, which has affected the iMessage app on iPhones.

Like many others, this application accepts data in a wide range of formats and must carry out a range of complex operations in order to present it to users in an elegant way, despite its reduced display format. This complexity has extended the opportunities for attacks. An attacker who knows a victim’s phone number can send them a malicious message, which will trigger an infection as it is processed by the phone. Certain vulnerabilities even make it possible to delete any traces (at least visible traces) that the message was received, in order to avoid alerting the target.

Despite the efforts to make IT platforms harder to hack, it is likely that certain states and private companies will remain capable of hacking into IT systems and connected objects, either directly (via smartphones, for example) or via the cloud services to which they are connected (e.g. voice assistants). This takes us into the world of politics, and indeed geopolitics.

The biggest problem with cyber-attacks remains identifying the origin of the attack and who was behind it. This is made even more difficult by attackers trying to cover their tracks, which the Internet gives them multiple opportunities to do.

How can you prevent an attack?

The best way of preventing an attack is to install the latest updates for systems and applications, and perhaps ensure that they are installed automatically. The majority of computers, phones and tablets can be updated on a monthly basis, or perhaps even more frequently. Another way is to activate existing means of protection such as firewalls or anti-virus software, which will eliminate most threats.

Saving your work on a regular basis is essential, whether onto a hard drive or in the Cloud, as is disconnecting from these back-ups once they have been completed. Back-up copies are only useful if they are kept separate from your computer, otherwise ransomware will attack your back-up drive as well as your main drive. Backing up twice, or saving key information such as the passwords to your main applications (messenger accounts, online banking, etc.) in paper form, is another must.

Digital tools should also be used with caution. Follow this simple rule of thumb: if it seems too good to be true in the real world, then there is every chance that it is also the case in the virtual world. By paying attention to any messages that appear on our screens and looking out for spelling mistakes or odd turns of phrase, we can often identify unusual behavior on the part of our computers and tablets and check their status.

Lastly, users must be aware that certain activities are risky. Unofficial app stores or downloads of executables in order to obtain software without a license often contain malware. VPNs, which are widely used to watch channels from other regions, are also popular attack vectors.

What should you do if your data is compromised?

Being compromised or hacked is highly stressful, and hackers constantly try to make their victims feel even more stressed by putting pressure on them or by sending them alarming messages. It is crucial to keep a cool head and find a second device, such as a computer or a phone, which you can use to find a tool that will enable you to work on the compromised machine.

It is essential to return to a situation in which the compromised machine is healthy again. This means a full system recovery, without trying to retrieve anything from the previous installation in order to prevent the risk of reinfection. Before recovery, you must analyze your back-up to make that sure no malicious code has been transferred to it. This makes it useful to know where the infection came from in the first place.

Unfortunately, the loss of a few hours of work has to be accepted, and you simply have to find the quickest and safest way of getting up and running again. Paying a ransom is often pointless, given that many ransomware programs are incapable of decrypting files. When decryption is possible, you can often find a free program to do it, provided by security software developers. This teaches us to back up our work more frequently and more extensively.

Finally, if you lack in-house cybersecurity expertise, it is highly beneficial to obtain assistance with the development of an approach that includes risk analyses, the implementation of protective mechanisms, the exclusive use of certified cloud services, and the performance of regular audits carried out by certified professionals capable of detecting and handling cybersecurity incidents.

Hervé Debar, Director of Research and PhDs, Deputy Director of Télécom SudParis.

This article has been republished from The Conversation under a Creative Commons licence. Read the original article (in French).

Technologie positive, stress

Can technology combat chronic stress?

Stressors in individuals can occur on a regular basis, especially in uncertain contexts such as the current health situation. To prevent a state of stress from becoming chronic and causing mental health problems, approaches involving positive technologies could help people to improve their resilience. Anuragini Shirish, a researcher at Institut Mines-Télécom Business School, describes her work on this subject.

Why is it important to reduce stress in people in general?

Anuragini Shirish: According to the latest estimates in 2017, 792 million people worldwide are diagnosed with mental health problems, 284 million and 264 million of whom reportedly suffer from anxiety and depression respectively. The physiological state of chronic stress is a major risk factor for the development of these diseases. Avoiding – or at least limiting – this state of chronic stress in individuals could therefore significantly reduce the risk of developing these diseases and improve their living conditions in general.

How do people develop a state of chronic stress?

AS: We have made great strides in our understanding of the mechanisms that induce stress. Stress was formerly thought to be caused by repeated exposure to stressors, but now – especially in light of evolutionary neurobiology theories – stress is generally considered to be a default response to dangerous situations, which is inhibited by the prefrontal cortex when people perceive a sense of security. The recent “Generalized Uncertainty Theory of Stress” states that stress originates from a feeling of permanent insecurity in individuals.

How has the COVID-19 pandemic influenced individual and collective situations of chronic stress?

AS: The COVID-19 pandemic has triggered a general feeling of insecurity in many aspects, including one’s own health and that of one’s loved ones, financial stability and job security. Many people have been affected by situations of chronic stress, which has led to a significant increase in mental illnesses. Uncertainty and stress drive people to seek out responses. However, the information they find is sometimes inadequate and may even be dangerous at individual and collective levels. It is therefore important to consider how to guide these responses, especially in the context of the pandemic.

Are you suggesting the use of technology to reduce stress in a holistic way?

AS: “Positive” technology sets out to improve individual and collective living conditions. In this case, such technology can be designed to improve people’s mental states. There are several types of positive technology, many of which now consist of mobile applications, which means that they can be made available to a large portion of the population.

In concrete terms, what technological tools could help to reduce stress?

AS: This is precisely the purpose of the analysis we are seeking to provide. We have defined three types of stress-response behaviors. Certain behaviors may be favored, depending on the individuals concerned and the context.

“Hedonic” behavior seeks to reduce stress through an immediate distraction. The aim is to enjoy a brief moment of pleasure. Positive hedonic technologies provide a very rapid response to stress. Examples include video games and television series. However, their stress-reducing effects are generally short-lived. Such solutions are of fleeting benefit and generally teach people very little about how to limit their future stress.

“Social” behavior reduces stress through social interaction. Its effects last longer than hedonic behavior because people can share their emotions, help and advise each other with regard to common goals. However, the benefits remain temporary. During lockdowns, meetings of friends or family by videoconference were examples of how social positive technology facilitated responses to individual and group stress.

“Eudaimonic” behavior is related to the search for meaning and purpose. It is based on the principle of personal growth and development and helps to develop a better response to stress over time. This type of behavior is also the most difficult to master, as it requires a more substantial investment in terms of time and energy, and we would like to see positive technology increasingly used in this area. Facilitating access to eudaimonic behaviors could promote better ways to combat stress and mental health problems on the societal level.

How does a positive eudaimonic technology work?

AS: Positive eudaimonic technologies may be based on different approaches. For example, many current applications provide support for meditation, whose mental health benefits are now widely accepted. Applications related to a learning process involving personal achievement can be considered as eudaimonic technologies. We can also develop technologies for initially hedonic or social purposes, in order to facilitate access to them, which may then be used for eudaimonic purposes in a subsequent phase. The recent Heartintune application is an example of this type of approach.

What are the prospects for the development of positive technologies at the societal level?

AS: Various types of positive technologies already exist, and our next challenge is to promote their development and widespread use in order to boost resilience. We believe that the best way to do this is to use technology to promote more eudaimonic behaviors.

This could be a particularly important issue to raise at the World Health Summit in Berlin at the end of October 2021, which will focus on issues including the potential contributions of innovations and technology to the resolution of health problems.

Antonin Counillon

composites

Technology for improving the recycling of plastics and composites

Plastics and composites aren’t recycled as often as we might wish, as a result of a lack of facilities, the right technologies not yet existing or not being profitable, or hazardous waste deposits. IMT Nord Europe have been working in partnership with manufacturers to develop and improve the available technologies.

Plastics and composites get a lot of bad press, but it is hard to do without them for many objects we use every day, including our cars. In order to minimise their polluting effect, they must be recycled, but this is complicated from both a technological and an economic perspective. Two researchers from IMT Nord Europe are seeking to improve processes with a view towards industrialisation.

In order to recycle plastic, outlets have to be found for these recycled materials. One of the main stumbling blocks is the presence of pollutants, including volatile organic compounds (VOCs), which can produce unpleasant and even toxic odours. There are also very strict standards governing the emission of VOCs and odours in vehicle passenger compartments. Marie-France Lacrampe, a researcher at IMT Nord Europe, is working on a solution which is striking in its simplicity: water-assisted extrusion.

Eliminating odours

Extrusion is a process traditionally used to manufacture objects made from plastic, involving pushing a doughy material through a die of the desired cross-section. Water is injected into the extruder and the steam washes the plastic, extracting the majority of any VOCs. “A few changes need to be made to the extruder”, explains Marie-France Lacrampe. Professor Lacrampe is working alongside three industrial partners and another laboratory, with the industrial pilot expected to be operational within two years.

In order to further improve this process, the researcher intends to combine water with supercritical CO2 – pressurised CO2 which becomes a highly effective solvent. The advantage is that it removes different molecules from those removed using water.

Process organisation and eco-design

Efficient recycling normally starts with designing materials which are easy to recycle. This is particularly true when it comes to food packaging, which is often made using several different materials (cartons, thermoformed tubs or re-heatable pouches, for example). “The ideal solution is to mix compatible polymers which can then be integrated into existing recycling processes”, explains Marie-France Lacrampe.

When it comes to recycling, it’s not just a question of the technology used, but how the whole process is organised. Waste must be used as locally as possible in order to cut transport and logistics costs, requiring intelligent analysis and handling of flows.

“If we want to boost recycling rates then we have to tackle what we don’t know how to do. This is particularly true for small quantities (hazardous waste deposits) and materials which we are unable to recycle or aren’t very good at recycling such as opaque PET (the plastic used to make milk bottles, for example). We are working on recycling small quantities through additive manufacturing, the industrial version of 3D printing, extruding them again with additives so that they be reused.” 

Composites – rarely recycled

If recycling plastics isn’t always easy, just imagine what it must be like for composites, materials which are generally comprised of glass or carbon fibre and a polymer matrix. A modern aircraft such as the Airbus A350 is half-made of composites, which are used in whole sectors of industry, from transport (not just aircraft, but also cars, boats and bikes) to electronics, leisure and wind power.

Once they have reached the end of their life, composites are primarily burned in order to produce energy, which isn’t ideal from either an environmental or an economic point of view. “Solutions are being developed in the aeronautics sector to recover carbon fibres”, points out Mylène Lagardère, who is also a researcher at IMT Nord Europe. “It is mostly carbon-based composites which are used in aeronautics, which are more “noble”, making them easier to recycle.” Technology for recycling fibreglass composite does exist, but it is not yet profitable.

Developing more affordable methods

There are two possible processes for recovering fibres: a chemical process in which the matrix is dissolved in a solvent (allowing the matrix to be reused) and a thermal process in which the matrix is damaged. Matrices themselves are either thermoplastic, meaning they can be melted, or thermosetting, meaning they are damaged when heated. As a result, as Mylène Lagardère explains, “each fibre-matrix combination is processed differently,  with a different process for each product.” This is what makes recycling composites so complicated. The purer the material, the easier it is to recycle.

As we can see, improving recycling is essential, and research into this subject is rightly being prioritised. “Our aim is to develop methods which are both simple and affordable”, explains Mylène Lagardère. “Our basis is the industrial problem: if we have a deposit of materials with certain properties, then we can recover a recycled material with such properties.” The issue is that, during recycling, the properties of the material always deteriorate, as the fibres are shortened.

The recycling of composites is still very much in its infancy, but a few processes are starting to emerge,  whether in water sports, where the association APER – funded by an eco-tax on new crafts – dismantles abandoned boats, or in the wind power industry. The automobile industry is also having to adapt, with legislation requiring recycled materials to be used in the production of new vehicles.

Cécile Michaut

Large quantities of composites for recycling on the horizon?

10 million tonnes of composites are produced each year worldwide, and the market is continuing to grow at a rate of 5% year on year. But recycling is set to really accelerate: composites whihe arrived on the market 20 to 30 years ago are now reaching the end of their lives. 50,000 tonnes of wind turbine rotors will need to be recycled between 2021 and 2022. In 2023, 25,000 boats, three-quarters made from composites, are to be dismantled. 4,000 railway carriages are also awaiting dismantling. Although resources remain limited (15,000 tonnes of production waste and 7,000 tonnes of materials at end of life in 2017), significant growth is anticipated. Processes mut develop and organise in order to become sustainable.

Also read on I’MTech

zero-click attacks

Zero-click attacks: spying in the smartphone era

Zero-click attacks exploit security breaches in smartphones in order to hack into a target’s device without the target having to do anything. They are now a threat to everyone, from governments to medium-sized companies.

“Zero-click attacks are not a new phenomenon”, says Hervé Debar, a researcher in cybersecurity at Télécom SudParis. “In 1988 the first computer worm, named the “Morris worm” after its creator, infected 6,000 computers in the USA (10% of the internet at the time) without any human intervention, causing damage estimated at several million dollars.” By connecting to messenger servers which were open access by necessity, this program exploited weaknesses in server software, infecting it. It could be argued that this was one of the very first zero-click attacks, a type of attack which exploits security breaches in target devices without the victim having to do anything.

There are two reasons why this type of attack is now so easy to carry out on smartphones. Firstly, the protective mechanisms for these devices are not as effective as those on computers. Secondly, more complex processes are required in order to present videos and images, meaning that the codes enabling such content to be displayed are often more complex than those on computers. This makes it easier for attackers to hack in and exploit security breaches in order to spread malware. As Hervé Debar explains, “attackers must, however, know certain information about their target – such as their mobile number or their IP address – in order to identify their phone. This is a targeted type of attack which is difficult to deploy on a larger scale as this would require collecting data on many users.”

Zero-click attacks tend to follow the same pattern: the attacker sends a message to their target containing specific content which is received in an app. This may be a sound file, an image, a video, a gif or a pdf file containing malware. Once the message has been received, the recipient’s phone processes it using apps to display the content without the user having to click on it. While these applications are running, the attacker exploits breaches in their code in order to run programs resulting in spy software being installed on the target device, without the victim knowing.

Zero-days: vulnerabilities with economic and political impact

Breaches exploited in zero-click attacks are known as “zero-days”, vulnerabilities which are unknown to the manufacturer or which have yet to be corrected. There is now a global market for the detection of these vulnerabilities: the zero-day market, which is made up of companies looking for hackers to identify these breaches. Once the breach has been identified, the hacker will produce a document explaining it in detail, with the company who commissioned the document often paying several thousand dollars to get their hands on it. In some cases the manufacturer themselves might buy such a document in an attempt to rectify the breach. But it may also be bought by another company looking to sell the breach to their clients – often governments – for espionage purposes. According to Hervé Debar, between 100 and 1,000 vulnerabilities are detected on devices each year. 

Zero-click attacks are regularly carried out for theft or espionage purposes. For theft, the aim may be to validate a payment made by the victim in order to divert their money. For espionage, the goal might be to recover sensitive data about a specific individual. The most recent example was the Pegasus affair, which affected around 50,000 potential victims, including politicians and media figures. “These attacks may be a way of uncovering secret information about industrial, economic or political projects. Whoever is responsible is able to conceal themselves and to make it difficult to identify the origin of the attack, which is why they’re so dangerous”, stresses Hervé Debar. But it is not only governments and multinationals who are affected by this sort of attack – small and medium-sized companies are too. They are particularly vulnerable in that, owing to a lack of financial resources, they don’t have IT professionals running their systems, unlike major organisations.

Also read on I’MTech Cybersecurity: high costs for companies

More secure computer languages

But there are things that can be done to limit the risk of such attacks affecting you. According to Hervé Debar, “the first thing to do is use your common sense. Too many people fall into the trap of opening suspicious messages.” Personal phones should also be kept separate from work phones, as this prevents attackers from gaining access to all of a victim’s data. Another handy tip is to back up your files onto an external hard drive. “By transferring your data onto an external hard drive, it won’t only be available on the network. In the event of an attack, you will safely be able to recover your data, provided you disconnected the disc after backing up.” To protect against attacks, organisations may also choose to set up intrusion detection systems (IDS) or intrusion prevention systems (IPS) in order to monitor flows of data and access to information.

In the fight against cyber-attacks, researchers have developed alternative computing languages. Ada, a programming language which dates back to the 1980s, is now used in the aeronautic industry, in railways and in aviation safety. For the past ten years or so the computing language Rust has been used to solve problems linked to the management of buffer memory which were often encountered with C and C++, languages widely used in the development of operating systems. “These new languages are better controlled than traditional programming languages. They feature automatic protective mechanisms to prevent errors committed by programmers, eliminating certain breaches and certain types of attack.” However, “writing programs takes time, requiring significant financial investment on the part of companies, which they aren’t always willing to provide. This can result in programming errors leading to breaches which can be exploited by malicious individuals or organisations.”

Rémy Fauvel

livreurs de plateformes

Delivery riders seeking social protection

Cynthia Srnec, Sciences Po and Cédric Gossart, Institut Mines-Télécom Business School

“In the ideal world of the delivery platforms, we would say nothing, just smile politely, “Hello, sir”, “Goodbye”, get on our bikes, make our deliveries, never fall, never have an accident, never make a complaint […]. We used to pay you €5, now it’s €2.60, what are you going to do about it? On you go, chop chop! Make sure the food stays hot, ignore red lights, and don’t die please!”

This testimony from a young delivery rider illustrates the subordination that is central to an ecosystem in which algorithms call all the shots.

What needs to be done for these workers, exposed to various different risks? What do they need in terms of social protection?

These questions are very much central to the debate around the planned finance law for social security for 2022. First proposed back in September, its aim is to improve social protection for self-employed workers, but the improvements put forward don’t seem to factor in the mishaps which can befall delivery riders.

We asked them about their needs and the difficulties they face via an online questionnaire. 219 delivery drivers active in France during the pandemic responded, 15 of whom were interviewed.

The delivery riders who responded to our questionnaire are young (3 out of 4 are under 30 years of age) and don’t earn very much: half of them make less than €900/month before tax. Although half are logged on between 20 and 40 hours a week, they don’t get paid for time spent waiting on orders, which prevents many of them from taking on another job (for 60% of them, this is their only source of work). Before working as delivery riders, 37% were unemployed, this group most likely to have done this work for more than 3 years.

Their preferred mode of transport is push bike (37%) followed by electric bike (26%). Riders on push bikes earn less than the others (22% earn less than €900/month), while the majority of delivery riders who use another mode of transport earn slightly more.

The risks of the job

“I was hit by a pedestrian and broke my hand. I didn’t realise I had broken anything, and so I kept working. […] there are a lot of delivery riders […] who keep working with broken bones because they have to for financial reasons, or because they don’t have any social security allowing them to take time off to recover.” (Interview n°3)

This account illustrates the physical and financial vulnerability which affects many delivery riders. Only 31% of them have never experienced health difficulties as a result of their work. 70% have issues with traffic and parking, 61% have significant issues because of time spent waiting to be allocated a route, and 68% have significant issues because of time spent waiting for orders to be prepared. We don’t know exactly how many accidents have befallen riders or how many have died, but the delivery rider community is starting to come together to take action.

Are delivery riders treated properly?

The vulnerability of delivery riders depends on the risks they are exposed to and what protections they have in place (e.g. a salary, family health insurance, etc.).

According to our survey, the most vulnerable delivery riders (V4) are the most exposed and have the least protection (the unemployed, illegal immigrants, long-term delivery riders, etc.). These highly vulnerable delivery riders are part of the 32% who told us they did not have any social security coverage, and aren’t aware of all of their rights (25% of delivery riders who responded to our questionnaire didn’t know if they had any social security coverage). They generally don’t inform their employer if they have any issues (57% didn’t make the company aware about accident or illness). Among those who did, 61% were given no assistance, and what was on offer didn’t compensate for the lack of income as a result of them being off work:

“There’s no point. I knew full well that the self-employment benefits would cover nothing or practically nothing. I knew that the top-up health coverage policies with the platforms are very low-cost contracts, even extremely low-cost, and I knew there would be no point making a claim.” (Interview n°2)

A “dirty job”

The variable geometry of the vulnerability of workers doing this “dirty job” have to face is down in no small part to the “paltry” social protection they get.

This legal and institutional void benefits platforms, some of whom have been taken to court for off-the-books work.

In Spain the law was changed in August 2021 to make it that every delivery rider is considered an employee. This resolution to the precarity brought about through the gig-economy, a pressing social issue of our times, has support in France from unions and collectives of delivery riders, but also from the EU Parliament:

“The coverage, suitability and formal and effective transparency of social protection must apply to all workers, including the self-employed.”

Bear in mind that 97% of the delivery riders who responded to our questionnaire were registered self-employed.

Morgane Le Guern from the MGEN Corporate Foundation for Public Health contributed to this article.

Cynthia Srnec, postdoctoral researcher, Sciences Po and Cédric Gossart, Professor (permanent, full-time), Institut Mines-Télécom Business School

This article has been republished from The Conversation under a Creative Commons licence. Read the original article.

Facebook

Facebook: a small update causes major disruption

Hervé Debar, Télécom SudParis – Institut Mines-Télécom

Late on October 4, many users of Facebook, Instagram and WhatsApp were unable to access their accounts. All of these platforms belong to the company Facebook and were all affected by the same type of error: an accidental and erroneous update to the routing information for Facebook’s servers.

The internet employs various different types of technology, two of which were involved in yesterday’s incident: BGP (border gateway protocol) and DNS (domain name system).

In order to communicate, each machine must have an IP address. Online communication involves linking two IP addresses together. The contents of each communication are broken down into packets, which are exchanged by the network between a source and a destination.

How BGP (border gateway protocol) works

The internet is comprised of dozens of “autonomous systems”, or AS, some very large, and others very small. Some AS are interconnected via exchange points, enabling them to exchange data. Each of these systems is comprised of a network of routers, which are connected using either optical or electrical communication links. Communication online circulates using these links, with routers responsible for transferring communications between links in accordance with routing rules. Each AS is connected to at least one other AS, and often several at once.

When a user connects their machine to the internet, they generally do so via an internet service provider or ISP. These ISPs are themselves “autonomous systems”, with address ranges which they allocate to each of their clients’ machines. Each router receiving a packet will analyse both the source and the destination address before deciding to transfer the packet to the next link, following their routing rules.

In order to populate these routing rules, each autonomous system shares information with other autonomous systems describing how to associate a range of addresses in their possession with an autonomous system path. This is done step by step through the use of the BGP or border gateway protocol, ensuring each router has the information it needs to transfer a packet.

DNS (domain name system)

The domain name system was devised in response to concerns surrounding the lack of transparency with IP addresses for end users. For available servers on the internet, this links “facebook.com” with the IP address “157.240.196.35”.

Each holder of a domain name sets up (or delegates) a DNS server, which links domain names to IP addresses. They are considered to be the most reliable source (or authority) for DNS information, but are also often the first cause of an outage – if the machine is unable to resolve a name (i.e. to connect the name requested by the user to an address), then the end user will be sent an error message.

Each major internet operator – not just Facebook, but also Google, Netflix, Orange, OVH, etc. – has one or more autonomous systems and coordinates the respective BGP in conjunction with their peers. They also each have one or more DNS servers, which act as an authority over their domains.

The outage

Towards the end of the morning of October 4, Facebook made a modification to its BGP configuration which it then shared with the autonomous systems it is connected to. This modification resulted in all of the routes leading to Facebook disappearing, across the entire internet.

Ongoing communications with Facebook’s servers were interrupted as a result, as the deletion of the routes spread from one autonomous system to the next, since the routers were no longer able to transfer packets.

The most visible consequence for users was an interruption to the DNS and an error message, followed by the DNS servers of ISPs no longer being able to contact the Facebook authoritative server as a result of the BGP error.

This outage also caused major disruption on Facebook’s end as it rendered remote access and, therefore, teleworking, impossible. Because they had been using the same tools for communication, Facebook employees found themselves unable to communicate with each other, and so repairs had to be carried out at their data centres. With building security also online, access proved more complex than first thought.

Finally, with the domain name “facebook.com” no longer referenced, it was identified as free by a number of specialist sites for the duration of the outage, and was even put up for auction.

Impact on users

Facebook users were unable to access any information for the duration of the outage. Facebook has become vitally important for many communities of users, with both professionals and students using it to communicate via private groups. During the outage, these users were unable to continue working as normal.

Facebook is also an identity provider for many online services, enabling “single sign-on”, which involves users reusing their Facebook accounts in order to access services offered by other platforms. Unable to access Facebook, users were forced to use other login details (which they may have forgotten) in order to gain access.

Throughout the outage, users continued to request access to Facebook, leading to an increase in the number of DNS requests made online and a temporary but very much visible overload of DNS activity worldwide.

This outage demonstrated the critical role played by online services in our daily lives, while also illustrating just how fragile these services still are and how difficult it can be to control them. As a consequence, we must now look for these services to be operated with the same level of professionalism and care as other critical services.

Banking, for example, now takes place almost entirely online. A breakdown like the one that affected Facebook is less likely to happen to a bank given the standards and regulations in place for banking, such as the Directive On Network And Service Securitythe General Data Protection Regulation or PCI-DSS.

In contrast, Facebook writes its own rules and is partially able to evade regulations such as the GDPR. Introducing service obligations for these major platforms could improve service quality. It is worth pointing out that no bank operates a network as impressive as Facebook’s infrastructure, the size of which exacerbates any operating errors.

More generally, after several years of research and standardisation, safety mechanisms for BGP and DNS are now being deployed, the aim being to prevent attacks which could have a similar impact. The deployment of these security mechanisms will need to be accelerated in order to make the internet more reliable.

Hervé Debar, Director of Research and PhDs, Deputy director, Télécom SudParis – Institut Mines-Télécom

This article has been republished from The Conversation under a Creative Commons licence. Read the original article.

Pharmaceutical industry

Caring for the population or one’s earnings? A dilemma for marketers in the pharmaceutical industry

Loréa Baïada-Hirèche, Institut Mines-Télécom Business School ; Anne Sachet-Milliat, ISC Paris Business School et Bénédicte Bourcier-Béquaert, ESSCA École de Management

The pharmaceutical industry is rocked by scandals on a regular basis. Oxycodon, for example, has been massively distributed in the United States despite being a highly addictive opioid analgesic, and has been implicated in some 200,000 deaths by overdose in the United States since 1999.

Closer to home, it took more than 15 years for Servier Laboratories’ Mediator to be withdrawn from the market, even though its prescription as an appetite suppressant, outside its initial therapeutic indication, caused numerous victims, including 2,000 recorded deaths. The outcome of the trial in March 2021 highlighted not only the responsibility of doctors, but also that of the laboratories producing these drugs, as was also the case for Levothyrox, manufactured by Merck.

These different scandals are merely the visible manifestation of the constant tension generated in this sector between the pursuit of profit and its fundamental health mission. The marketing professionals who are responsible for promoting medicines to patients and doctors seem particularly concerned by this ethical conflict which can cause them to question their real mission: is it treating or selling?

In the course of our research, we set out to discover how marketers in the pharmaceutical sector perceive this quandary and how they deal with it.

Economic interest but a health mission

The ethical conflicts encountered can lead marketers into situations of “moral dissonance”. This refers to occasions when people’s behaviors or decisions conflict with their moral values. Because it brings into play elements which are central to people’s identity such as their values, moral dissonance can generate significant psychological discomfort, giving rise to guilt and affecting self-esteem.

The people affected will then engage in strategies designed to reduce this state of dissonance, which are mainly based on the use of self-justification mechanisms but may also include changing their behavior or seeking social support.

To understand the attitudes of pharmaceutical marketing professionals, we conducted in-depth interviews with 18 of them, which revealed that these individuals are beset by ethical conflicts of varying severity, most of which relate to decisions that are of economic interest but lead to their failure to fulfill their health mission. This may involve potential harm to patients, infringements of regulations or breaches of professional ethics. Conflicts seem to affect people more intensely when the choices have major impacts on patients’ health.

The Servier affair – a turning point

Our series of interviews revealed that three strategies are employed in an effort to resolve this conflict. The first strategy is to minimize the ethically sensitive nature of the issue, which means burying one’s head in the sand, ignoring the conflict or forgetting about it as quickly as possible.

For example, one respondent explains:

“I wouldn’t say that pharmaceutical industry is whiter than white, either. There have been cases like Servier, of people who were dishonest. But that’s not the case for most people who work in the industry. They are happy to work in an industry that has made a positive contribution to society.”

According to these professionals, there is no conflict between the health and economic missions: making a profit is a way to finance medical research. This perspective makes pharmaceutical companies out to be “the main investors in health”.

In addition, they point out that their practices are very tightly regulated by law. Several respondents point out that Mediator was a landmark case:

“There is no longer a problem because everything has been regulated. Problems caused by conflicts of interest such as the Servier case are over, they can’t happen anymore. There truly was a before and after Mediator, it really changed things.”

Unable to ignore the media-driven attacks on the pharmaceutical industry, they defend themselves by denouncing the media’s role in stirring up controversy, the headlines that seek to “create a buzz” and the “journalists who don’t have anything better to write about”.

In contrast, other respondents are well aware of the risks that the marketed product poses to patients. However, they claim to be taking these risks precisely for patient’s sake. This is how the rationale for doubling the doses recommended under the regulations for children with serious pathologies is justified:

Like heroes

“Even if it’s a product that is dangerous, potentially dangerous, and on which you don’t have too much hindsight, you tell yourself that you can decide, with the chief scientist, to support the doctors doubling the doses because there’s a therapeutic benefit.”

The emphasis on acting in the patient’s interest is disturbing because it leads marketers to conceal the economic dimension of their activity and to present it as a secondary concern. However, doubling the doses does indeed increase the sales of the product.

Paradoxically, referring to the patient’s well-being in this way can actually serve to endorse unethical acts, while sometimes enabling the marketers to present themselves as heroes who work miracles for their patients. One of them justifies his actions in this way:

“Our product was very beneficial to patients; everyone was grateful to us… First there were the health professionals who told us ‘Our patients are delighted, their cholesterol levels are really low, it’s great’ and then there were the patients who testified that ‘My doctor had been forcing me to take cholesterol-lowering drugs for the past three years and I was always in pain everywhere… I’ve been taking your products for two months now and not only is my cholesterol level low, but above all, I’m no longer in any pain whatsoever.’”

Their way of presenting their profession sometimes even makes them out to be acting as caregivers.

In the final strategy, some respondents note that the notion of profitability takes precedence over the health mission, and express their mistrust of the discourse developed by other sales professionals:

“Money has become so important these days, and I get the impression there is hardly any concern for ethics in the organizations and people marketing the products.”

The disillusionment of these marketers is such that, in contrast to the cases mentioned above, they can no longer find arguments to justify their marketing actions and reduce their malaise.

“I was not very comfortable because I felt like I was selling something that could possibly hurt people or even be fatal in certain cases. I was feeling a little guilty actually… I was thinking that I would have preferred to have been marketing clothes, or at least untainted products.”

The only way out of their dissonance seems to be to avoid problematic practices by changing jobs, companies, or even leaving the pharmaceutical industry altogether.

Training and regulatory affairs

What is the solution? It seems difficult to make recommendations to pharmaceutical manufacturers in light of the doubts about the real willingness of top management to prevent unethical behavior by their employees when such behavior is adopted in their economic interest.

However, highlighting the existence of moral dissonance and the psychological suffering it inflicts upon workers should cause them concern. Studies show that these phenomena have negative consequences such as loss of commitment to work and increased staff turnover.

This is especially true in the pharmaceutical industry, which is involved in a noble cause – health – to which the respondents generally remain strongly attached.

Externally, an ethical dimension should be more systematically integrated into marketing training, especially in specialized health marketing courses.

Moreover, although the law has been tightened up, particularly after the Mediator affair, this has not prevented the emergence of new scandals, particularly in new markets such as implants. To protect citizens, the public authorities should therefore be paying more attention to para-medical products, which are currently subject to less restrictive regulations.

Loréa Baïada-Hirèche, Senior Lecturer in Human Resources Management, Institut Mines-Télécom Business School; Anne Sachet-Milliat, Lecturer and Researcher in Business Ethics, ISC Paris Business School and Bénédicte Bourcier-Béquaert, Lecturer and Researcher in Marketing, ESSCA École de Management

This article has been republished from The Conversation under a Creative Commons license. Read the original article (in French).

3D printing, a revolution for the construction industry?

Estelle Hynek, IMT Nord Europe – Institut Mines-Télécom

A two-story office building was “printed” in Dubai in 2019, becoming the largest 3D-printed building in the world by surface area: 640 square meters. In France, XtreeE plans to build five homes for rent by the end of 2021 as part of the Viliaprint project. Constructions 3D, with whom I am collaborating for my thesis, printed the walls of the pavilion for its future headquarters in only 28 hours.

Today, it is possible to print buildings. Thanks to its speed and the variety of architectural forms that it is capable of producing, 3D printing enables us to envisage a more economical and environmentally friendly construction sector.

3D printing consists in reproducing an object modeled on a computer by superimposing layers of material. Also known as “additive manufacturing”, this technique is developing worldwide in all fields, from plastics to medicine, and from food to construction.

For the 3D printing of buildings, the mortar – composed of cement, water and sand – flows through a nozzle connected to a pump via a hose. The sizes and types of printers vary from one manufacturer to another. The “Cartesian” printer (up/down, left/right, front/back) is one type, which is usually installed in a cage system on which the size of the printed elements is totally dependent. Another type of printer, such as the “maxi printer”, is equipped with a robotic arm and can be moved to any construction site for the direct in situ printing of different structural components in a wider range of object sizes.

L’attribut alt de cette image est vide, son nom de fichier est file-20210818-25-18klydg.jpg.
Pavilion printed by Constructions 3D in Bruay-sur-l’Escaut. Constructions 3D, provided by the author

Today, concrete 3D printing specialists are operating all over the world, including COBOD in Denmark, Apis Cor in Russia, XtreeE in France and Sika in Switzerland. All these companies share a common goal: promoting the widespread adoption of additive manufacturing for the construction of buildings.

From the laboratory to full scale

3D printing requires mortars with very specific characteristics that enable them to undergo rapid changes.

In fact, these materials are complex and their characterization is still under development: the mortars must be sufficiently fluid to be “pumpable” without clogging the pipe, and sufficiently “extrudable” to emerge from the printing nozzle without blocking it. Once deposited in the form of a bead, the behavior of the mortar must change very quickly to ensure that it can support its own weight as well as the weight of the layers that will be superimposed on it. No spreading or “structural buckling” of the material is permitted, as it could destroy the object. For example, a simple square shape is susceptible to buckling, which could cause the object to collapse, because there is no material to provide lateral support for the structure’s walls. Shapes composed of spirals and curves increase the stability of the object and thus reduce the risk of buckling.

These four criteria (pumpability, extrudability, constructability and aesthetics) define the specifications for cement-based 3D-printing “inks”. The method used to apply the mortar must not be detrimental to the service-related characteristics of the object such as mechanical strength or properties related to the durability of the mortar in question. Consequently, the printing system, compared to traditional mortar application methods, must not alter the performance of the material in terms of both its strength (under bending and compression) and its longevity.

In addition, the particle size and overall composition of the mortar must be adapted to the printing system. Some systems, such as that used for the “Maxi printer”, require all components of the mortar except for water to be in solid form. This means that the right additives (chemicals used to modify the behavior of the material) must then be found. Full-scale printing tests require the use of very large amounts of material.

Initially, small-scale tests of the mortars – also called inks – are carried out in the laboratory in order to reduce the quantities of materials used. A silicone sealant gun can be used to simulate the printing and enable the validation of several criteria. Less subjective tests can then be carried out to measure the “constructable” nature of the inks. These include the “fall cone” test, which is used to observe changes in the behavior of the mortar over time, using a cone that is sunk into the material at regular intervals.

Once the mortars have been validated in the laboratory, they must then undergo full-scale testing to verify the pumpability of the material and other printability-related criteria.

L’attribut alt de cette image est vide, son nom de fichier est file-20210818-27-13hdzxe.jpg.
Mini printer. Estelle Hynek, provided by the author

It should be noted that there are as yet no French or European standards defining the specific performance criteria for printable mortars. In addition, 3D-printed objects are not authorized for use as load-bearing elements of a building. This would require certification, as was the case for the Viliaprint project.

Finding replacements for the usual ingredients of mortar for more environmentally friendly and economical inks

Printable mortars are currently mainly composed of cement, a material that is well known for its significant contribution to CO₂ emissions. The key to obtaining more environmentally friendly and economical inks is to produce cement-based inks with a lower proportion of “clinker” (the main component of cement, obtained by the calcination of limestone and clay), in order to limit the carbon impact of mortars and their cost.

With this in mind, IMT Nord-Europe is working on incorporating industrial by-products and mineral additives into these mortars. Examples include “limestone filler”, a very fine limestone powder; “blast furnace slag”, a co-product of the steel industry; metakaolin, a calcinated clay (kaolinite); fly ash, derived from biomass (or from the combustion of powdered coal in the boilers of thermal power plants); non-hazardous waste incineration (NHWI) bottom ash, the residue left after the incineration of non-hazardous waste, or crushed and ground bricks. All of these materials have been used in order to partially or completely replace the binder, i.e. cement, in cement-based inks for 3D printing.

Substitute materials are also being considered for the granular “skeleton” structure of the mortar, usually composed of natural sand. For example, the European CIRMAP project is aiming to replace 100% of natural sand with recycled sand, usually made from crushed recycled concrete obtained from the deconstruction of buildings.

Numerous difficulties are associated with the substitution of the binder and granular skeleton: mineral additions can make the mortar more or less fluid than usual, which will impact the extrudable and constructable characteristics of the ink, and the mechanical strength under bending and/or compression may also be significantly affected depending on the nature of the material used and the cement component substitution rate.

Although 3D printing raises many issues, this new technology enables the creation of bold architectural statements and should reduce the risks present on today’s construction sites.

Estelle Hynek, PhD student in civil engineering at IMT Nord Europe – Institut Mines-Télécom

This article has been republished from The Conversation under a Creative Commons license. Read the original article (in French).

web browsing

How our Web browsing has changed in 30 years

Victor Charpenay, Mines Saint-Étienne – Institut Mines-Télécom

On August 5, 1991, a few months before I was born, Tim Berners-Lee unveiled his invention, called the “World Wide Web”, to the public and encouraged anyone who wanted to discover it to download the world’s very first prototype Web “browser”. This means that the Web as a public entity is now thirty years old.

Tim Berners-Lee extolled the simplicity with which the World Wide Web could be used to access any information using a single program: his browser. Thanks to hypertext links (now abbreviated to hyperlinks), navigation from one page to another was just a click away.

However, the principle, which was still a research topic at that time, seems to have been undermined over time. Thirty years later, the nature of our web browsing has changed: we are visiting fewer websites but spending more time on each individual site.

Hypertext in the past: exploration

One of the first scientific studies of our browsing behavior was conducted in 1998 and made a strong assumption: that hypertext browsing was mainly used to search for information on websites – in short, to explore the tree structure of websites by clicking. Search engines remained relatively inefficient, and Google Inc. had just been registered as a company. As recently as 2006 (according to another study published during the following year), it was found that search engines were only used to launch one in six browsing sessions, each of which then required an average of a dozen clicks.

L’attribut alt de cette image est vide, son nom de fichier est file-20210906-17-xeytzq.jpg.
Jade boat, China. Metropolitan Museum of Art, archive.org

Today, like most Internet users, your first instinct will doubtless be to “Google” what you are looking for, bypassing the (sometimes tedious) click-by-click search process. The first result of your search will often be the right one. Sometimes, Google will even display the information you are looking for directly on the results page, which means that there will be no more clicks and therefore no more need for hypertext browsing.

To measure this decline of hypertext from 1998 to today, I conducted my own (modest) analysis of browsing behavior, based on the browsing history of eight people over a two-month period (April-May 2021), who sent me their histories voluntarily (no code was hidden in their web pages, in contrast to the practices of other browsing analysis algorithms), and the names of the visited web sites were anonymized (www.facebook.com became *.com). Summarizing the recurrent patterns that emerged from these browsing histories shows not only the importance of search engines, but also the concentration of our browsing on a small number of sites.

Hypertext today: the cruise analogy

Not everyone uses the Web with the same intensity. Some of the histories analyzed came from people who spend the vast majority of their time in front of the screen (me, for example). These histories contain between 200 and 400 clicks per day, or one every 2-3 minutes for a 12-hour day. In comparison, people who use their browser for personal use only perform an average of 35 clicks per day. Based on a daily average of 2.5 hours of browsing, an Internet user clicks once every 4 minutes.

What is the breakdown of these clicks during a browsing session? One statistic seems to illustrate the persistence of hypertext in our habits: three quarters of the websites we visit are accessed by a single click on a hyperlink. More precisely, on average, only 23% of websites are “source” sites, originating from the home page, a bookmark or a browser suggestion.

However, the dynamics change when we analyze the number of page views per website. Indeed, most of the pages visited come from the same sites. On average, 83% of clicks take place within the same site. This figure remains relatively stable over the eight histories analyzed: the minimum is 73%, the maximum 89%. We typically jump from one Facebook page to another, or from one YouTube video to another.

There is therefore a dichotomy between “main” sites, on which we linger, and “secondary” sites, which we consult occasionally. There are very few main sites: ten at the most, which is barely 2% of all the websites a person visits. Most people in the analysis have only two main sites (perhaps Google and YouTube, according to the statistics of the most visited websites in France).

On this basis, we can paint a portrait of a typical hypertext browsing session, thirty years after the widespread adoption of this principle. A browsing session typically begins with a search engine, from which a multitude of websites can be accessed. We visit most of these sites once before leaving our search engine. We always visit the handful of main sites in our browsing session via our search engine, but once on a site, we carry out numerous activities on it before ending the session.

The diagram below summarizes the portrait I have just painted. The websites that initiate a browsing session are in yellow, the others in blue. By analogy with the exploratory browsing of the 90s, today’s browsing is more like a slow cruise on a select few platforms, most likely social platforms like YouTube and Facebook.

L’attribut alt de cette image est vide, son nom de fichier est file-20210831-23-1jlvak1.png.
A simplified graph of browsing behavior; the nodes of the graph represent a website (yellow for a site initiating a browsing session, blue for other sites) and the lines represent one or more clicks from one site toward another (the thickness of the lines is proportional to the number of clicks). Victor Charpenay, provided by the author.

The phenomenon that restricts our browsing to a handful of websites is not unique to the web. This is one of the many examples of Pareto’s law, which originally stated that the majority of the wealth produced was owned by a minority of individuals. This statistical law crops up in many socio-economic case studies.

However, what is interesting here is that this concentration phenomenon is intensifying. The 1998 study gave an average of 3 to 8 pages visited per website. The 2006 survey reported 3.4 page visits per site. The average I obtained in 2021 was 11 page visits per site.

Equip your navigator with a “porthole”

The principle of hypertext browsing is nowadays widely abused by the big Web platforms. The majority of hyperlinks between websites – as opposed to self-referencing links (those directed by websites back to themselves, shown in blue on the diagram above) – are no longer used by humans for browsing but by machines for automatically installing fragments of spyware code on our browsers.

There is a small community of researchers who still see the value of hypermedia on the web, especially when users are no longer humans, but bots or “autonomous agents” (which are programmed to explore the Web rather than remain on a single website). Other initiatives, like Solid – Tim Berners-Lee’s new project – are trying to find ways to give Internet users (humans or bots) more control over their browsing, as in the past.

As an individual, you can monitor your own web browsing in order to identify habits (and possibly change them). The Web Navigation Window browser extension, available online for Chrome and Firefox, can be used for this purpose. If you wish, you could also contribute to my analysis by submitting your own history (with anonymized site names) via this extension. To do so, just follow the corresponding hyperlink.

Victor Charpenay, Lecturer and researcher at the Laboratory of Informatics, Modeling and Optimization of Systems (LIMOS), Mines Saint-Étienne – Institut Mines-Télécom

This article has been republished from The Conversation under a Creative Commons license. Read the original article (in French).

gestion des déchets, waste management

Waste management: decentralizing for better management

Reducing the environmental impact of waste and encouraging its reuse calls for a new approach to its management. This requires the modeling of circuits on a territorial scale, and the improvement of collaboration between public and private actors.

Territorial waste management is one of the fundamental aspects of the circular economy. Audrey Tanguy,1 a researcher at Mines Saint-Étienne, is devoting some of her research to this subject by focusing on the development of approaches to enable the optimal management of waste according to its type and the characteristics of different territories. “The principle is to characterize renewable and local resources in order to define how they can be processed directly on the territory,” explains Audrey Tanguy. Organic waste, for example, should be processed using the shortest possible circuits because it degrades quickly. Current approaches tend to centralize as much waste as possible with a view to its processing, while circular approaches tend towards more local, decentralized circuits. Decentralization can be supported by low-tech technologies, which optimize local recycling or composting in the case of organic waste, especially in the urban environment.

The research associated with waste processing therefore aims to find ways to relocate these flows. Modeling tools can help to spatialize these flows and then provide guidance for decision-makers on how to accommodate local channels. “Traditional waste-processing impact assessment tools assess centralized industrial systems, so we need to regionalize them,” explains Audrey Tanguy. These tools must take the territorial distribution of resources into account, regardless of whether they are reusable. In other words, they must determine which are the main flows that can be engaged in order to recover and transform materials. “It is therefore a question of using the appropriate method to prioritize the collection of materials, and to this end, an inventory of the emission and consumption flows needs to be drawn up within the territory,” states the researcher.

Implementation of strategies in the territories

In order to implement circular economy strategies on a territorial scale, the collaboration of different types of local actors is essential. Beyond the tools required, researchers and the organizations in place can also play an important role by helping the decision-makers to carry out more in-depth investigations of the various activities present in the chosen territory. This enables the definition of collaborative strategies in which certain central stakeholders galvanize the actions of the other actors. For example, business associations or local public-private partnership associations promote policies that support industrial strategies. A good illustration is the involvement of the Macéo association, in partnership with Mines Saint-Étienne, in the implementation of strategies for the recycling and recovery of plastic waste in the Massif Central region. It acts as a central player in this territory and coordinates the various actions by implementing collaborative projects between companies and communities.

The tools also provide access to quantitative data about the value of potential exchanges between companies and enable the comparison of different scenarios based on exchanges. This can be applied to aspects of the pooling of transport services, suppliers or infrastructure. Even if these strategies do not concern core industrial production activities, they lay the foundations for future strategies on a broader scale by establishing trust between different actors.

Reindustrialisation of territories

We assume that in order to reduce our impacts, one of the strategies to be implemented is the reindustrialization of territories to promote shorter circuits,” explains Natacha Gondran,1 a researcher in environmental assessment at Mines Saint-Étienne. “This may involve trade-offs, such as sometimes accepting a degree of local degradation of the measured impacts in exchange for a greater reduction in the overall impact,” the researcher continues.

Reindustrializing territories is therefore likely to favor the implementation of circular dynamics. Collaboration between different actors at the local level could in this way provide appropriate responses to global issues concerning the pressure on resources and emissions linked to human activities. “This is one of the strategies to be put in place for the future, but it is also important to rethink our relationship with consumption in order to reduce it and embrace a more moderate approach,” concludes Natacha Gondran.

1 Audrey Tanguy and Natacha Gondran carry out their research in the framework of the Environment, City and Society Laboratory, a joint CNRS research unit composed of 7 members including Mines Saint-Étienne.

Antonin Counillon

This article is part of a 2-part mini-series on the circular economy.
Read the previous article: