Calls for Countermeasures After the "KakaoTalk Outage"
Government Fails to Establish Its Own Response System
Legal Revisions and Standards Introduced Only Last Year
Lack of Budget Leaves Only Data Backup, Not Full Recovery
There have been no follow-up measures since the "Kakao service outage incident" three years ago. At the time, the government strongly criticized private companies for poor management and demanded countermeasures, but the government itself failed to establish a basic disaster recovery (DR) system.
According to the Ministry of the Interior and Safety on September 29, of the 647 systems managed by the National Information Resources Service (NIRS), 96 systems that were damaged by fire are being considered for migration to a public-private cooperative cloud service within the Daegu Center.
The backup (redundancy) system, known as the "twin" system, is a core component of disaster recovery. While this system has been partially established between the Daejeon headquarters and the Gwangju Center, it has been confirmed that it only allows for data backup. In other words, there is no backup system that can actually be operated. An official from the Ministry of the Interior and Safety explained, "We have set up a backup preparation system, but due to a lack of budget, we have not been able to establish a system that can actually be operated."
The problem is that the government's demands for countermeasures following the KakaoTalk outage three years ago were applied only to private companies. At the time, the government required that, for data centers, sufficient spacing be maintained between batteries, non-combustible materials be used to create partitions to separate IT equipment from battery storage areas, and that systems be installed to check battery status every 10 seconds. It also mandated the installation of CCTV to record every detail of any incident that might occur.
However, the government failed to apply these measures to itself. The head of the National Information Resources Service at the time stated, "KakaoTalk and government systems are different," but the recent fire was also caused by a fire that started in some of the batteries.
The state of preparedness was also inadequate. It was only last year that the government amended the Enforcement Decree of the Framework Act on the Management of Disasters and Safety to prevent recurrence of such incidents, adding "information system failures" to the list of types of social disasters. It also established a standard Service Level Agreement (SLA) for public information systems of grades 1 and 2, setting guidelines that grade 1 systems must be restored within two hours and grade 2 systems within three hours-measures that were only put in place a year ago.
Although the Gongju Center, a disaster recovery center designed to provide normal services even if the networks distributed across Daejeon, Gwangju, and Daegu are all paralyzed, was completed in May 2023, it is currently only capable of backing up data.
There was no related budget at all. A senior official from the Ministry of the Interior and Safety said, "At the time, there was opposition based on the idea that private cloud utilization was also an option, so the budget was not included this year." Lee Yongseok, Director General of the Digital Government Innovation Bureau at the Ministry, also stated, "Although a DR system has been established, it is either at a minimal scale or only in the form of data backup," adding, "We were unable to carry out redundancy work due to budget constraints."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
