Online game players that got new consoles or games this past Christmas might have been disappointed when they went to play. Both Microsoft's Xbox Live and Sony's PlayStation Network were down for extended times of a day or more due to DDoS attacks. The now notorious group Lizard Squad had said it would target the gaming industry with attacks on Christmas—and it did.
The outages caused a significant loss of revenue for both companies, but more than that, they gave these companies a real hit in the reputation area. How could these huge tech companies – especially Microsoft, which practically invented personal computing – succumb to attacks from the likes of a couple of rogue hackers calling themselves the Lizard Squad? The David versus Goliath aspect of these attacks, and the fact that David (Lizard Squad) succeeded at knocking the two Goliaths (Sony and Microsoft) off their feet for a day or two, shows how much damage a determined attacker with a DDoS tool can do.
Now GameInformer.com is reporting that Phil Spencer, the head of Microsoft's Xbox division and Microsoft Studios, has said that he is working with people at Nintendo and Sony to share how they can combat attacks targeted at any of their gaming networks. As Spencer put it, an attack on one network leads to customer disappointment and distrust in all of their networks, and that's not good for anyone.
It's good to see competitors team up like this to fight a common battle. After all, cyber security isn't really a competitive advantage in this case, so there's no reason for any of the gaming network companies to go it alone. If any of them have information, processes or procedures that could be of use to the others, it behooves them to share. In fact, maybe it's time for these companies to establish a gaming industry Information Sharing and Analysis Center (ISAC).
Many industries ranging from financial services to manufacturing have formed an ISAC to provide a medium for member organizations to share cyber threats and approaches to securing their computing resources. While no one is likely to claim a gaming network is "critical infrastructure," these companies are global businesses that provide a legitimate entertainment service to their customers.
Perhaps that's why it's so surprising that they were simply unprepared for attacks that were pre-announced to commence on Christmas Day. Maybe they laughed at Lizard Squad's threats on December 24, but no one is laughing now. Hopefully these networks will be better prepared if there is a next time.