Over the weekend, Microsoft, Blizzard, Riot Games, Sony, and others all suffered distributed denial of service attacks resulting in varying degrees of downtime. As a result, thousands of gamers were suddenly unable to play their preferred games.
I was among those who lucked out, spending most of the weekend playing Madden 15 and Diablo III with friends on PSN with comparatively little interruption. Many more were unable to log on though, with some reporting strange glitches attempting to play games like Steamworld Dig on PS4. To their credit, pretty much all of them managed to get their services up and running before the weekend was up, enabling most players to get back to gaming in earnest, but the downtime is a reminder of just how vulnerable the industry is to concerted DDoS attacks like the ones from this weekend.
The days when it was possibly to pop a disc or cartridge into a console and start playing, with online being purely optional, are pretty much over. Many games require an internet connection to function properly now, with some like Diablo III becoming completely unplayable if they're taken offline. This has paid useful dividends for publishers who want to avoid having their games pirated, but in the event of extended downtime, it means that consumers are pretty much out of luck.
It was just this sort of event that gamers feared the most when Microsoft first revealed that the Xbox One would require online verification every 24 hours for games on the platform to function. Microsoft eventually backed off their plan after a substantial backlash, but if they had followed through with their initial plan, many Xbox One users would have found themselves with an unusable console this weekend. Given that most of us shelled out more than $600 for the right to play the Xbox One at launch, this would have been unacceptable. Thankfully it didn't come to pass.
It's only going to get worse though. Sony has done an admirable job of building up their infrastructure following the cataclysm of 2011, which resulted in the theft of 77 million accounts and 24 days of downtime, reacting quickly and authoratively to the latest attack. But with hackers getting ever more sophisticated, the next DDoS—or worse, outright intrusion—is always just around the corner. To be a gamer in 2014 is to live with the inevitability of extended downtime and the increased potential of identity theft.
This is not to discount all the good that has come out of online connectivity in gaming. Time marches onward, and there's no going back to the days before online updates, server maintenance, and DRM checks. If online connectivity were to go away tomorrow, we would lose entire genres, not to mention the various nifty extra features that games like FIFA 14 bring to the table. For Riot Games, there's just no getting around the fact that League of Legends requires an online connection to play. But there are other ways that publishers can protect their consumers from the next big attack.
The biggest is simply to include an offline mode for a game service that doesn't absolutely require an online connection. EA resisted adding offline play to SimCity for more than a year, but ultimately, the game is better for it. The ability to play the PC version of Watch_Dogs offline would have likewise saved Ubisoft and its customers a good deal of heartburn. This gets back to the old DRM argument, but when gamers are treated like criminals, everyone suffers.
Beyond that, all publishers and platform holders like Microsoft can really do is continue building up their infrastructure in preparation for the next attack. It's not a particularly fun way to do business, but that's life on the Internet for you. There may come a time when every online service is 100 percent reliable and DDoS attacks are a thing of the past. That day, however, is not today.
Until that day comes, it's incumbent upon developers and publishers to protect their customers from the next attack as best they can, whether in implementing greater protections for their data or simply allowing them to play offline. Doing so will ensure that even a successful attack will not be crippling in the long-run.