What started as a technological anecdote has turned into an unprecedented digital disaster. A fire at the data center of the National Information Resources Service (NIRS) in Daejeon (South Korea) has completely destroyed the G-Drive system, the “cloud” used by the South Korean government since 2018 to store the work documents of more than 750,000 public officials.
The Ministry of the Interior and Safety confirmed that all data stored individually by public employees has been lost. The most alarming part: there were no external backups.
🔥 A “Cloud” That Wasn’t Really One
The G-Drive was an obligatory storage platform offering 30 GB per official and consolidating documentation from ministries and public agencies. But unlike a modern cloud that features geographic redundancy, its architecture was a large-scale, low-performance storage system without external replication.
In other words: the South Korean government’s “cloud” existed only within the very data center that caught fire.
The fire, originating in the server room on the fifth floor, affected 96 critical information systems, including those supporting the administrative processes of the central government.
🧯 Lost Data, Service Interruptions
The most affected department was Human Resources, which mandated that all documentation be stored exclusively in G-Drive. Other institutions, using the system partially, experienced less damage.
IT teams are now working to recover data from the past months using:
- Files stored locally on officials’ personal computers.
- Emails.
- Printed documents and physical records.
Some official documents might be partly recoverable thanks to the OnNara system, which stores final reports and formal administrative records, though this system was also affected.
⚠️ Lack of Contingency Plans
The incident exposed serious shortcomings in South Korea’s cybersecurity policies. The Ministry of the Interior acknowledged that, although most systems in the center have daily backups on independent equipment and remote facilities, the G-Drive was an exception: its structure did not support external backups.
The result: irreversible data loss and widespread disruption of public services.
Criticism has grown nationwide. cybersecurity experts and public management specialists warn that this catastrophe highlights the absence of a Disaster Recovery Plan (DRP) and a misconception of the “cloud” concept, which necessarily involves redundancy and geographic availability.
🇪🇸 Could Something Like This Happen in Spain?
Generally, no.
In Spain, the National Security Framework (ENS), regulated by Royal Decree 311/2022, mandates that all public administrations have a Disaster Recovery Plan and a backup system based on the 3-2-1 strategy:
- 3 copies of data.
- Stored on 2 different media.
- With 1 copy off-site.
Additionally, the ENS requires maintaining service continuity and ensuring public information availability even in the face of physical or cyber disasters.
However, in practice, implementation varies. Not all local or regional entities are certified or audited at the same level, which opens the door to similar vulnerabilities, albeit on a smaller scale.
As technology expert David Bonilla pointed out, “legislation requires interoperable systems and reuse of public code, but we still have 17 separate health systems, so hopes for a unified digital resilience strategy remain limited.”
💬 Reflection
The South Korean case is not just a lucky misadventure: it’s a global warning. The loss of a system considered a “government cloud” proves that without true redundancy, a recovery plan, and continuous auditing, no system is infallible.
In a world where public information is central to state management, protecting data means protecting citizen trust.
Frequently Asked Questions
What is G-Drive?
It was South Korea’s government cloud storage system, used since 2018 by over 750,000 officials for work documents.
Why couldn’t the data be recovered?
Because G-Drive lacked external copies and geographic replication. All data resided in the same center that burned down.
What were the consequences?
Total loss of millions of documents, disruption of administrative services, and questions about the government’s cybersecurity strategy.
Could something similar happen in Spain?
In theory, no—thanks to the ENS, which requires contingency plans and external backups. But the lack of uniform certification among public bodies means not all organizations are equally protected.
🔒 Lesson: a “cloud” that doesn’t leave a building isn’t a cloud.
And a backup that doesn’t exist isn’t a backup either.
via: korea joongang daily