Open letter to Emmanuel Macron. Cybersecurity is not a technical subject. It is a duty of the State.
Mr President Macron. I am not writing to plead a cause. I am writing because it is time to stop pretending.

Mr President Macron,
I am not writing to plead a cause. I am writing because it is time to stop pretending.
For more than ten years, cyberattacks have multiplied. Hospitals, local authorities, ministries, strategic companies: no one is spared.
Every time, resources are announced. Committees. Roadmaps. Millions. But on the ground, public bodies have neither the tools, nor the people, nor the training. They improvise. They wait. And they take the hit.
Meanwhile, the threat grows. And not only on the side of the cybercriminals. The threat is also political, industrial, cultural.
Cybersecurity is not a competency. It is a pillar of sovereignty.
You cannot talk about a strategy of independence while depending on foreign clouds to host our public data.
You cannot talk about digital education while leaving teachers without support or any culture of data protection.
You cannot talk about a "startup nation" if the critical tools of young companies rest on American infrastructure, with no plan B.
There is no digital power without an ethic of security. And that ethic is not confined to the experts. It must be visible, active, taken on at the highest level of the State.

This is no longer about reacting. We have to prepare.
Leaving hospitals running Windows 7, town halls dependent on an untrained IT person who also happens to be the local cemetery gardener (a true story), or entire local authorities in the cloud without understanding what they are doing, is not a technical problem.
It is a political failing.
Cybersecurity can no longer remain a subject walled off among experts. It has to be placed at the heart of the national strategy, on the same footing as health, defence or energy. It already appears to some extent in the Military Programming Law, and despite European directives and regulations, France is struggling to find a way to Être en Cybersécurité.
This means acknowledging the gap between the rhetoric and the reality, and agreeing to overhaul what is not working:
- Elected officials' lack of interest in subjects deemed "too technical".
- Systematic outsourcing without verification.
- Steering by announcement effect.
You have the responsibility to change the framework, not to tweet in reaction
When a cyberattack hits a hospital or an administration, it is too late to make promises. Action was needed beforehand. Planning. Support. Anticipation.
What I am asking of you is not an additional budget. It is a clear, stable, public course. It is a form of steering that lasts longer than a single five-year term. It is a recognition of the fact that digital is not a tool: it is a vital infrastructure.
And like any infrastructure, it must be maintained, protected, monitored. Not only at the moment when everything breaks.
Mr President, if you want to be taken seriously on sovereignty, start with digital security
I am not asking you to understand the technical side. But to surround yourself with those who do understand it and whose sole ambition is not to tick boxes.
I am not asking you to become an expert. But to stop treating the experts as invisible technicians.
And above all, I am not asking you to talk about cyber. I am asking you to act as if France also existed in the digital world.
Because it already does. And for now, it is very much alone.
So start with the concrete.
Make cybersecurity a visible, owned, funded priority. Not through abstract billions, but through resources where they are truly missing: in the town halls, the hospitals, the schools. Where digital does not make anyone dream, but keeps things standing.
Impose a minimum sovereignty requirement on public procurement, give power back to on-the-ground IT departments, and train elected officials the way we train for civil protection: because they are the first links in the chain.
And above all, stop pitting the ground against the digital.
Yes, repairing a road is visible. Yes, securing Chantal's workstation does not make a nice photo. But both protect lives. Both fall (indirectly) under the responsibility of the State.
It is not about choosing between the tarmac and the cloud. It is about understanding that sovereignty, today, runs through both.
Questions fréquentes
Why does the author consider cybersecurity a matter of sovereignty?
Because you cannot claim digital independence while depending on foreign clouds to host public data. For him, there is no digital power without an ethic of security taken on at the highest level of the State.
What is the author concretely asking of the president?
Not an additional budget, but a clear, stable and public course that lasts longer than a single five-year term, resources where they are missing (town halls, hospitals, schools), a minimum sovereignty requirement in public procurement and training for elected officials.
What dysfunctions does the article point to?
Elected officials' lack of interest in subjects deemed too technical, systematic outsourcing without verification, and steering by announcement effect.
Does France already have a legal framework on the subject?
According to the article, cybersecurity already appears to some extent in the Military Programming Law, but despite European directives and regulations, France is struggling to make concrete progress.

Être en cybersécurité
Une feuille de route cyber en clair, pour tout le monde, pas seulement les experts.
