🚨 Government Work Management System (On-Nara)

Today Korean Social News for Beginners | 2025.10.18

0️⃣ Hacking Incident and Problems with Government E-Administration Security

📌 Government Admits 'On-Nara' System Hack…650 Certificates Leaked, Controversy Over Poor Response

💬 The government has officially admitted that the Government Work Management System (On-Nara) was hacked. The National Intelligence Service discovered in mid-July that an external PC accessed On-Nara through the remote work system (G-VPN). The leaked information includes 650 GPKI certificates, API source code, and access logs. Some certificates were exposed along with their keys and passwords. The Ministry of the Interior and Safety said most certificates had expired and were destroyed, but the exact scope of damage and entry route have not been fully identified. The government is being criticized for taking two months after media reports to admit the hack, and has announced plans to introduce biometric-based multi-factor authentication to prevent future incidents.

💡 Summary

• The Government Work Management System (On-Nara) is a core e-government platform that processes all government agency work.
• A July 2025 hack leaked 650 GPKI certificates and system information.
• Concerns about government e-administration system safety are growing due to slow response and inadequate security measures.

1️⃣ Definition

The Government Work Management System (On-Nara) is an integrated e-government platform that digitizes and processes all administrative work including document creation, approval, and reporting. Introduced in 2007, it is currently used by central government ministries, local governments, and public institutions. It processes all administrative work electronically without paper documents.

On-Nara aims to increase work efficiency and ensure administrative transparency by digitalizing the entire process from document creation to approval, distribution, and storage. All processing records remain in the system for audit tracking, and it has become core infrastructure for national administrative work.

💡 Why is this important?

• All work of Korean government agencies is processed through this system.
• Security is very important as national secrets and sensitive administrative information are stored here.
• If hacked, the entire national administration could be paralyzed as this is critical infrastructure.
• The system handles information directly connected to citizens' personal information and national security.

2️⃣ Development of the Hacking Incident and Major Problems

📕 Discovery of the Hack and Government Response

• Signs of hacking were discovered in July. The main timeline is as follows:

  • The National Intelligence Service detected in mid-July that an external PC accessed On-Nara through G-VPN (Government remote work system).
  • Hacking suspicions were first reported in the media in August, but the government denied them.
  • The government only officially admitted the hack in October, two months later.
  • Criticism of the government's crisis management ability grew due to late admission and poor initial response.

• The scope of leaked information is serious. The main damage status is as follows:

  • 650 GPKI (government electronic signature) certificates were leaked, and some were exposed with their keys and passwords.
  • Core system information including API source code and access logs were also leaked.
  • Many of the leaked certificates had already expired, but some were still valid.
  • The exact scope of damage and leak route have still not been fully identified.

📕 Structural Problems in the Security System

• Vulnerabilities in the remote work system (G-VPN) were revealed. The main problems are as follows:

  • G-VPN is a system for public officials to access the government network from outside, and this route was exploited for hacking.
  • There was a structural vulnerability where access was possible with only ID and password.
  • The real-time detection and blocking system for abnormal access did not work properly.
  • Experts point out that the overall security level of government e-administration systems is insufficient to respond to modern cyber threats.

• Loopholes in GPKI certificate management were confirmed. The main problems are as follows:

  • There are problems with the management system itself that allowed certificates to be leaked in large quantities at once.
  • Expired certificates were not disposed of on time and remained in the system.
  • Certificate keys and passwords were stored together, creating immediate exploitation risk if leaked.
  • There were no additional security measures like two-factor or biometric authentication.

💡 Core Problems of the On-Nara Hacking Incident

1. Slow Response: Denial of facts and delayed response for 2 months after discovery
2. Wide-scale Leak: 650 certificates and core system information leaked
3. Weak Access Control: Security vulnerabilities in remote access routes
4. Inadequate Authentication: Limitations of simple ID/password system
5. Incomplete Damage Assessment: Exact leak scope and route unconfirmed

3️⃣ Expected Impact and Government Measures

✅ Impact on National Administration and Security

• The seriousness of administrative information leaks is significant. Main concerns are as follows:

  • Leaked certificates can be exploited for illegal access to the government's internal network.
  • Classified documents and sensitive administrative information risk being exposed externally.
  • Understanding of government work processes and system structure could become a foothold for additional attacks.
  • Citizens' personal information and national security-related information could be threatened.

• Decline in government trust is a concern. Main impacts are as follows:

  • Public trust in the government's security capabilities and crisis response has been greatly damaged.
  • Doubts about the safety of e-government services are growing.
  • Public officials' anxiety about remote work and digital work processing has increased.
  • This could negatively impact government digital innovation policy implementation.

✅ Government Response Plans and Improvement Tasks

• Emergency security measures have been implemented. Main measures are as follows:

  • All leaked certificates were investigated and destroyed.
  • G-VPN security was urgently strengthened and access logs are being analyzed in detail.
  • Security vulnerabilities in the On-Nara system were comprehensively inspected and patches were applied.
  • A security inspection of all government systems was conducted to prevent similar cases.

• Medium and long-term improvement plans are being pursued. Main plans are as follows:

  • Plans to introduce biometric-based multi-factor authentication.
  • Will build an AI-based abnormal access detection system.
  • Will strengthen security standards for all government e-administration systems and make regular inspections mandatory.
  • Plans to expand cybersecurity expert personnel and strengthen training.
  • Will conduct regular penetration testing and vulnerability assessments by external security experts.

4️⃣ Related Terms Explained

🔎 E-Government

• E-government is an administrative service system using information and communication technology.
  • E-government means a system that processes all government administrative work and public services using information and communication technology. The goal is to increase efficiency and transparency by using electronic documents instead of paper documents, processing civil complaints online, and digitalizing administrative information.
  • Major components of e-government include: First, internal administrative systems like the Government Work Management System such as On-Nara. Second, public services like Government24 and Civil Complaint24 online civil complaint processing systems. Third, specialized services like electronic procurement and electronic tax filing. Fourth, the Administrative Information Sharing System for information sharing between government agencies.
  • Korea has ranked first multiple times in UN e-government evaluations, showing how developed its e-government is, but this On-Nara hacking incident revealed vulnerabilities in security. It teaches us that security is as important as convenience and efficiency.

🔎 GPKI (Government Electronic Signature)

• GPKI is an electronic document authentication system between government agencies.
  • GPKI (Government Public Key Infrastructure) is a public key-based electronic signature authentication system used by government and public institutions. It is used to prevent forgery and alteration of electronic documents and to verify document creators. It's like approving documents with a digital certificate instead of a seal or signature.
  • GPKI's working principle involves receiving a pair of public and private keys. When you electronically sign a document with the private key, the signature can be verified with the public key. In this process, the certificate plays a key role in identity verification and document authenticity verification.
  • The leak of 650 GPKI certificates in this hack shook the credibility of the entire government electronic signature system. If certificates fall into hackers' hands, they can impersonate government officials to manipulate documents or illegally access systems. This is a serious security incident that threatens the entire government administrative system, beyond just information leakage.

🔎 G-VPN (Government Remote Work System)

• G-VPN is a system for safe remote access by public officials.
  • G-VPN (Government Virtual Private Network) is a virtual private network system for public officials to safely access the government's internal network while working from home or on external business trips. Its use greatly increased after COVID-19 as remote work expanded.
  • G-VPN works by allowing public officials to connect from personal PCs or laptops using the G-VPN program through an encrypted tunnel to the government's internal network. This allows them to use internal systems like On-Nara as if they were working in the office.
  • However, this incident revealed that G-VPN became a major route for hacking. An external PC accessing On-Nara through G-VPN means that a public official's account information was stolen or there was a vulnerability in the G-VPN system itself. It shows how difficult it is to balance the convenience of remote work with security.

5️⃣ Frequently Asked Questions (FAQ)

Q: Was my personal information also leaked in the On-Nara hack?

A: Direct personal information leaks have not been confirmed, but there is indirect risk.

• According to publicly available information so far, there is no evidence that ordinary citizens' personal information was directly leaked. What was leaked includes GPKI certificates, API source code, access logs, and other system operation-related information. First, On-Nara is mainly a system for internal government work, so it does not directly store ordinary citizens' personal information. Second, it is a separate system from public services like Government24 or Civil Complaint24. Third, the Ministry of the Interior and Safety also stated that no personal information was leaked.
• However, indirect risks exist. If hackers access government systems with leaked certificates, they could potentially access personal information handled in civil complaint processing or citizen databases held by the government. Also, since government system vulnerabilities have been revealed, other systems face higher attack risks. The government is conducting comprehensive investigations to confirm if there is additional damage, and citizens should also be especially careful about personal information management when using government civil service platforms.

Q: Why did the government admit the hack so late?

A: The exact reason has not been revealed, but there is controversy over security reasons and avoiding responsibility.

• Various speculations exist about why the government took 2 months to admit the hack. First, the government's explanation is that time was needed to identify the exact scope of damage and entry route. They say announcing prematurely could cause additional damage or spread incorrect information. Second, there are claims that they investigated secretly to avoid giving information to hackers for investigation security. Third, it may have taken time for coordination between related agencies like the National Intelligence Service and Ministry of the Interior and Safety.
• However, the opposition party and experts criticize this as the government avoiding responsibility and political considerations. There are suspicions of trying to hide an important security incident, criticism of trying to cover up responsible parties' accountability issues, and criticism of trying to avoid distrust in administrative capabilities. Transparent and prompt information disclosure is a basic principle of democratic society, especially for matters related to public safety. This incident raises fundamental questions about the government's crisis communication ability and transparency.

Q: Can we safely use government e-administration systems in the future?

A: Security strengthening measures are underway, but continuous attention and improvement are needed.

• The government has taken several security strengthening measures after this incident, so it is expected to be safer than before. First, all leaked certificates were destroyed and new certificates were issued. Second, security for remote access systems including G-VPN was significantly strengthened. Third, they are pursuing introduction of multi-factor authentication systems like biometric authentication. Fourth, security inspections were conducted on all government systems and vulnerabilities are being addressed.
• However, perfect security does not exist, and continuous improvement is needed. Since hacking technology continues to develop, the government must also constantly upgrade security. Citizens should also follow several precautions when using government services. They should regularly change public certificates or passwords, be careful of scams like phishing or smishing, and immediately report any suspicious access or requests. When government efforts and public attention come together, we can create a safe e-government system.

View Table of Contents

• Go to Guide