On the morning of the 29th, a notice is posted in the Daegu Jung-gu Office comprehensive civil service desk stating that some administrative services are suspended due to a fire at the National Information Resources Service headquarters in Daejeon. /Courtesy of News1

Criticism is mounting that the national vision of an "AI powerhouse, digital government" has been undermined after a fire in the data center of the National Information Resources Service in Daejeon paralyzed the government's computer network. Observers noted that nothing has changed despite the 2022 KakaoTalk outage and the November 2023 shutdown of the government's administrative network. There is a growing call for Korea to back up and dualize its computer networks by using private clouds as the United States does, and to overhaul cloud regulations to strengthen digital infrastructure.

According to the government on the 29th, a lithium-ion battery fire that broke out on the night of the 26th at the Daejeon headquarters of the National Information Resources Service under the Ministry of the Interior and Safety completely burned 96 systems, bringing 647 online administrative and civil services—such as mobile ID issuance, Korea Post parcel and financial services, Government24, and the People's Sinmungo—to a halt over the weekend. The problem worsened because the cloud environment for national information resources that stores data was not properly dualized.

Experts stressed the need to build a disaster recovery (DR) environment that prevents network paralysis even in disasters such as fires and earthquakes. They said that when unexpected failures occur, it is not enough to back up data; a dual data center system must be established so that services run 24/7 without interruption. To do that, they advised the government to quickly adopt an Active-Active method in which two or more servers run simultaneously and to use private cloud services. Some also called for regular drills to check DR systems and for hiring and nurturing related talent.

The damaged computer room is a "G-Cloud zone" run directly by the National Information Resources Service, an environment that requires both server and cloud DR systems. The agency had a server DR system but failed to build a cloud DR system, leaving it a mere "half measure." The Daejeon headquarters sought to dualize with the Gongju backup center in the cloud, but progress was delayed due to budget issues. When a fire at Kakao's Pangyo data center in October 2022 caused a KakaoTalk outage, insufficient system dualization was cited as the fundamental cause; a similar problem has now occurred in the government.

Yeom Heung-yeol, an emeritus professor of information security at Soonchunhyang University, said, "The government should invest funds to build a dualized Active-Active system." An Active-Active DR system runs two data centers simultaneously, allowing the other side to immediately take over if one side fails, keeping operations uninterrupted. Most telecommunications operators use Active-Active dualization techniques. It enables faster response than an Active-Standby DR system, in which one server stays on standby, normally only backing up data, and recovery begins when a failure occurs.

After the 2023 administrative network shutdown, the government declared it would develop an Active-Active DR system, but construction at the Gongju center—where the system was to be applied—was delayed by budget issues, pushing the opening more than two years to Oct.–Nov. this year.

Yeom explained, "To build an Active-Active system, you need two sets of equipment at one center and the same two sets at the other, meaning a total of four sets of communications, security, server, and storage equipment," adding, "You must not only secure the budget for this, but also conduct regular switchover drills to check real-time operation and increase staff to manage it." According to the National Institute of Standards and Technology (NIST) under the U.S. Department of Commerce, the U.S. government mandates data dualization using data centers in multiple regions.

Among private companies, Netflix runs a verification program called "Chaos Monkey," which intentionally induces failures in the system to test resilience. Citing Chaos Monkey the previous day, Reform Party leader Lee Jun-seok said, "A culture in which government agencies regularly test system vulnerabilities and make improvements needs to take root."

Some also argue the government should use private cloud services as the United States does. While it would be ideal for the government to build a robust DR system with a strong safety net on its own, given budget and skilled labor shortages, teaming up with private corporations with superior technology where needed is more efficient, they explained.

The United States has been accelerating the adoption of cloud services in public institutions through its 2019 "Cloud Smart" policy. A follow-up to the "Cloud First" policy introduced in 2010 under the Obama administration, it gives federal agencies the option to select their preferred cloud vendors. Under this policy, private cloud service providers (CSPs) that pass the government cloud security certification program, the Federal Risk and Authorization Management Program (FedRAMP), can provide cloud services to public institutions. The Department of Defense and the Central Intelligence Agency (CIA) adopted Amazon Web Services (AWS) cloud, and the Defense Logistics Agency (DLA) signed a contract with Google Cloud. Microsoft (MS) provides cloud services to the U.S. General Services Administration (GSA).

According to market research firm Forrester, about 80% of U.S. federal agency IT leaders said they use a "hybrid cloud" that leverages both public and private clouds simultaneously. In the hybrid model, core systems requiring high security run on public clouds, while general business systems such as civil service platforms run on certified private clouds.

Experts said Korea must supplement cloud security regulations to adopt a distributed recovery system based on multiple regions and multiple clouds, rather than a structure concentrated in a single vendor and a single data center. Kim Seung-joo, a professor at the Korea University Graduate School of Information Security, said, "In Korea, if the government wants to use private clouds, it must obtain the National Intelligence Service's PPP (public-private partnership) security certification or the Ministry of Science and ICT's CSAP (cloud security certification) 'high' certification," adding, "PPP certification was obtained by Samsung SDS and KT, but it is virtually dormant, and the CSAP certification framework has yet to be detailed."

The National Information Resources Service distributes about 1,600 computer systems across three centers in Daejeon, Gwangju, and Daegu, but only some have disaster recovery systems, so full service normalization is expected to take more than two weeks. A Ministry of the Interior and Safety official said that day, "It will take about four weeks to move and restore the 96 major information systems that were destroyed by the fire to the Daegu center."
