JULY COVERAGE SCHEDULE
- Morgan Wright, Chief Security Advisor at SentinelOne: "Digital Defenses for Medical Databases"
- Doug Milburn, Founder of 45Drives: "Demicrosoftification: A New Paradigm in Enterprise Computing"
- Emanuel Pastreich, President of the Asia Institute: "Miracle in Ulaanbaatar"
- Jin Hyung Kim, Emeritus Professor at KAIST: "Democratizing AI: Innovation for Everyone”
- Layne Hartsell, PhD, and Alexander Krabbe, MD: The essay "War in Eurasia"
- Eric Jaremalm, CEO of Midsummer: "The virgin market for industrial thin-film solar roofs"
- Yeonkyu Chung, CEO of Grib: "Effective Policy Support Measures for SMEs Under the Severe Accident Punishment Act"
By Cho Sung Kap (skc1777@anyang.ac.kr)
Since its initial release in November 2022, ChatGPT has surpassed 100 million users in just two months. This outcome can be attributed to the availability of wired and wireless communication infrastructure and the range of software configurations. Furthermore, the AI market, which has become a tangible reality, is experiencing exponential growth, transforming our daily lives, all economic industries, defense, education, and medical fields. The 2023 BCG report indicates that the generative AI market is expected to grow at a compound annual growth rate of 66% through 2027. This growth will be driven by a global population of 7.8 billion people and various objects using the Internet and software to achieve their goals.
But what happens if you go a day without the Internet? What happens if your bank doesn't go online? In a country like Korea, which is in a state of truce, what would happen if there was no communication or Internet access? These unthinkable consequences can be answered by recalling the Kakao incident and the fire in the Ahyun-dong communications district.
In conclusion, had we implemented the 100,000-strong strategy proposed by Seoae Ryu Seong-ryong, the Korean peninsula would not have been devastated, and we would not have suffered the loss of precious lives and property. We must implement a robust and reliable system. In light of the crucial role of IDCs (Internet Data Centers), the Ministry of Trade, Industry and Energy, the Ministry of Science and ICT, and the Korea Electric Power Corporation convened a policy forum on the activation of data centers on July 5. While the forum addressed the decentralization of energy, it would have been beneficial to delve deeper into the technical aspects of establishing IDCs. While there was a clear understanding of the role and significance of IDCs, there was a notable absence of discourse on the preventive technical specifications and legal measures necessary for effective disaster preparedness. IDCs process a vast amount of data—43 zettabytes (43 trillion gigabytes)—through transmission, reception, storage, and search. IDCs are the foundation for a range of essential technologies, including the Internet of Things (IoT), cloud computing, big data analytics, mobile (ICBM) and AI, blockchain, and data-intensive applications (ABCD). They support a vast array of services, from storing photos and videos on mobile devices to advanced applications like AlphaGo, NFTs, ChatGPT, home shopping, online gaming, cyber education, financial transactions, airline reservations, and MOOC (massive open online course) platforms.
In light of their significant current and future influence, what strategies should IDCs adopt to ensure their continued success? By implementing meticulous and proactive measures, we can establish ourselves as a leading force in the IT sector, providing robust protection for both the daily lives of our citizens and C4I (computer, command, control, communication, and information) defense systems. Google, the owner of the largest IDC in the world, provides seamless service to over a billion mobile phone users globally. In addition to Google, other prominent companies that operate IDCs include Microsoft, Facebook, Amazon, IBM, HP, and the U.S. Department of Defense.
It is imperative that IDCs operate a significant number of servers, networks, and storage devices 24/7 without any interruption. Consequently, they are required to comply with regulations pertaining to three key areas: operating protocol, cooling facilities, and power supply. However, the root of the problem lies beyond these measures. In addition to these three considerations, the site selection, building design, and construction methods must be clearly specified.
In South Korea, there is no distinct data center building code, resulting in occupancy permits being issued under categories such as factories and offices. It is of the utmost importance that IDCs are located in a secure and protected environment, as they are critical to both daily security and national defense. Therefore, it is essential that the site selection process takes into account potential risks such as fighter jets, bombs, terrorism, and natural disasters. It is essential that they be situated in locations that are not in close proximity to major urban facilities, chemical plants, explosives, or rivers. Additionally, they should be positioned in highly inaccessible areas, which are essentially fortress-like regions. Locating data centers on major roads or in densely populated areas increases their vulnerability
Presently, data centers in South Korea are constructed in urban areas, including downtown districts, and serve a dual purpose, functioning as both data centers and corporate offices. While the data center use category was established under broadcasting and telecommunications facilities in 2018, it does not account for potential future technological changes. For instance, in June 2018, Microsoft constructed and began operating an underwater data center at a depth of 35.7 meters as part of the Natick Project. This was done in accordance with the three aforementioned conditions and several additional factors. Microsoft is eager to expand its services through this underwater IDC (source: Yoonjin Lee, ESG Research Institute).
Following the fire at SK C&C's Pangyo Data Center, the response and subsequent media release focused exclusively on operational aspects, with no mention of building standards or prevention manuals. It is imperative that construction standards be set by law for large-scale IDCs that affect national defense and the economy. For instance, they should be constructed to withstand an earthquake of 7.0 on the Richter scale, feature flood protection systems comparable to those used in submarines, utilize helium gas fire-fighting systems in lieu of water, and include facilities for concealment against bombs and tank invasions, among other considerations.
1. NAVER and Kakao Bank, which are tenants of SK C&C's Pangyo IDC Center, resumed their services within hours, indicating that the cause of the KakaoTalk service outage was due to the lack of a business continuity plan (BCP) or problems that were not executed as planned.
As shown by the results of NAVER and Kakao Bank's service resumption, institutional alternatives should be prepared to fulfill the responsibilities and obligations of Business Continuity Management (BCM) to fulfill social responsibilities as a company, both in terms of NAVER's franchise risk and Kakao Bank's electronic financial supervision regulations under the Electronic Financial Transactions Act.
2. Institutional warnings should be used in a limited way by viewing KakaoTalk as a public service used by a large portion of the population, discussing corporate social responsibility for it, and demanding forward-looking legislation to prevent accidents and measures to prevent recurrence rather than human punishment through extensive audits by relevant agencies.
3. Institutional conditions should be as follows.
▲ A clear definition of what constitutes a public service.
▲ Define the classification of computer centers (including IDCs) according to the classification table of the government or relevant agencies, and stipulate the requirements for IDCs that house computer servers of public services to have a certain classification.
▲ Define the geographical location of the center, whether it is mixed with general offices, whether it has bypass access, and infrastructure such as electricity, heating, cooling, and fire protection according to the class of the center.
▲ Defining procedures for conducting periodic risk assessments, reporting potential risks based on the results of the assessments, and implementing remedial and supplementary controls.
The above-mentioned EFT regulation does not cover natural disasters, terrorism, site conditions, building requirements, etc. These are more technical and detailed.
Reflecting on past direct and indirect experiences, neglecting preventive measures due to the belief that there is a low probability of problems occurring, or having good internal operations of various servers but inadequate external operations for stability, calls for initiating institutional improvements inspired by Seoae Ryu Seong-ryong 's spirit of proactive preparation.
About the Author
Dr. Cho Sung Kap is the President of the Korea Youth Behavioral Science and Culture Institute, Chair Professor at Anyang University, and President of the Korea Internet Ethics Promotion Association. He has been involved in the prevention and resolution of ethical concerns related to Internet infrastructure in the context of the Fourth Industrial Revolution. This has included developing and operating programs through national agencies, including the Information and Communication Ethics Committee, the Internet Ethics Certification Exam, and the Internet Ethics Leadership Training Program. Dr. Cho has previously held several prominent positions, including head of IBM Korea, vice president of Hyundai Information Technology, and professor at Korea University. He has also served as chairman of the Asia-Europe Meeting (ASEM) ICT Working Group, president of the Federation of Korean Information Technology Societies, and vice president of Sehan University. His remarkable achievements and contributions have been recognized with awards such as the Presidential Award, the Order of Industrial Service Merit, and the Moran Medal of the Order of Civil Merit.
