Simplified Netrunning Rules for CP2020 Southowilson 2.0 (Updated 7/6/09)

In the simplified netrunning system, we will not be using any of the existing cinematic, “Matrix”-style netrunning rules. Instead, use the following heavily abstracted rules. Normal computers by 2095 are nearly all equipped with some sort of system AI, giving them an INT statistic. This will be roughly similar to the equivalent GURPS Complexity. Cyberdecks are no different, though being portable they are usually no match for a static system AI. This is where the Netrunner comes in, supplying his human reflexes and intuition to do battle with the system AI, aided by carefully chosen software. By 2095, system memory is so abundant and cheaply available that there is no real point in tracking it. Assume that if it matters, there is enough memory for most software or files on a typical computer. Systems, including cyberdecks, have only two attributes worth tracking:

System INT - represents the processing power of the unit. Normally a portable system will be INT 2-5, with static systems essentially open-ended. This determines the base cost of the system.

Speed – representing the raw speed of the system. Speed ranges from -2 to +5 for portable systems, and can go higher for static systems. This is a cost multiplier of the system, as more potent systems are difficult to boost in speed.

 

Cyberspace Combat

Initiative: At the start of any action, an initiative roll will determine who acts first. In cyberspace combat, milliseconds are a matter of life or death.

Defender INT + System Speed + 1d10 vs. Attacker INT + System Speed + 1d10

Contest of Skill versus system AI, Netrunner, or Sysop: Use the following equation for handling any opposed contest of skills. In this setting, there will be an AI, expert system, or human opponent lurking in nearly every system. This one mechanic will suffice to decide any questions of who won or lost.

Attacker INT + Interface + Program STR + 1d10 vs. Defender INT + Interface + Program STR +1d10

 

Situational Modifiers

Netrunner is using keyboard only, -4

Netrunner is using ‘trodes only instead of interface plugs, -2

Netrunner is attempting the run cold, with no prior research on the target, -5. This penalty can be dropped if the netrunner performs appropriate research (Task Difficulty: DIFF, 20+) using any one of the following skills:

·         System Knowledge (INT), to research the system using technical means and obscure but openly available resources and data

·         Streetwise (COOL), to work the street and collect what information is available from the underground.

·         Persuasion & Fast Talk (EMP), to schmooze and “socially engineer” persons in a position to know useful facts about the target.

 

Programs

In this abstracted system, software is rated by STR, which can range from +1 to +10, though it is exceedingly rare to find anything above +4 or +5 commercially available. Each category of programs actually represents a useful cluster of individual sub-programs, each with cool names like "Flatline", "Aegis", "Safecracker 6.1" or whatever. Software is constantly becoming obsolete, so add a penalty to the older software in any contest, -1 for each month between the two. This means that successful netrunners are constantly on the prowl for the latest and greatest software.

Intrusion Software – Software designed to infiltrate computer security, mask one’s electronic signal or trace, and slip pass password/ID verification protection.

Counter-Intrusion Software – Software designed to detect intrusion, alert system management, and protect systems against electronic attack of various sorts.

Offensive Software – Software designed to directly damage programs, hardware, or even directly attack the nervous system (so-called “Black ICE”). Exact effects depend on the software involved, and must be specified when purchased.

·         Anti-Software reduces the STR of the targeted program by the Margin of Success.

·         Anti-System reduces the INT or Speed of the targeted system by the Margin of Success.

·         Black ICE reduces the INT, REF, COOL, or BOD of the target by the Margin of Success.

Defensive Software – Software designed to defend other software, hardware, or users from direct attack by offensive software. It essentially acts as armor, offering “all or nothing” protection against direct attack.

Utilities – Software designed to perform various functional tasks, such as file management, hardware maintenance, remote/drone operation, et cetera.

 

Common Tasks in Netrunning

Getting In: The netrunner will need to initially overcome passive defenses, passwords, and similar things. The easiest way to game this is with difficulty levels based on the sophistication of the target. Using INT + Interface + Intrusion Software + d10, the hacker must first defeat a difficulty level. These levels will normally be as follows:

·         Personal and small business systems                                                                                                                            ESY (10+)

·         Local government, local police systems, large local business                                                                                          AVG (15+)

·         Normal corporate systems, most federal government systems                                                                                        DIFF (20+)

·         Megacorp, military networks, or specific “high security” systems                                                                                      VDIFF (25+)

·         “No Such System Exists” Networks                                                                                                                                IMP (30+)

 

Creating Accounts: Once in, the hacker will need to either hijack create an account before he is able to actually do anything. Different levels of accounts allow greater access to a system, and are progressively more difficult to set up or hack into.

·         Guest – a public account allows limited access only to publically accessible items; websites, forums, games.                  ESY (10+)

·         User – a normal employee account that allows limited internal access to within one department or project.                        AVG (15+)        

·         Super User – a normal employee account for managers and executives, allowing wide access to most of a network.              DIFF (20+)                   

·         Sysop – an administrator “God” level account allowing access to all functions, including security.                                     VDIFF (25+)                 

·         Back Door – an invisible sysop account that requires no intrusion roll to reach from the outside.                                       IMP (30+)         

 

Finding Files and Remote Systems: Once inside with a useful account, the hacker can then begin the nitty gritty of his run. Assuming the account is valid, it is an ESY (10+) to locate any particular piece of data or controls for a particular piece of hardware, like a factory device, or a camera, or a door lock.

 

Defeating File Protection or Hardware Security: Some files, and most equipment is protected from outside tampering by some form of security software that must be overcome before a camera is spoofed, a secret plan is copied, or a robot arm springs menacingly to life. Using INT + Interface + Intrusion Software + d10, the hacker must first defeat a difficulty level. These levels will normally be as follows:

·         Normal personal files with password protection, climate control systems, lights, normal elevators                                     ESY (10+)

·         “Confidential” files, factory equipment, normal locks to low-security areas, maintenance robots, communication systems            AVG (15+)

·         “Restricted” files, security equipment such as alarm, cameras, outside access doorways, restricted elevators                    DIFF (20+)

·         “Top-Secret” files, active defenses such as gas projectors, gun systems, security robots                                                 VDIFF (25+)

·         “No Such Files Exists”, Secret Plans to Rule The World                                                                                                   IMP (30+)

 

 

Avoiding Alarms: If one of the common tasks is failed, the intruder risks setting off a security alarm, with varying consequences. Roll a contest of skills between the Netrunner and the Security AI, detailed below:

Intruder’s INT + Interface + Intrusion Software + 1d10 vs. Security AI’s INT + Interface + Counter-Intrusion Software +1d10

If the netrunner succeeds, nothing happens and he may attempt further tasks. If he fails the contest, the Security AI is alerted that something unusual has just occurred, and the netrunner will have to either hide from the AI or defeat it in quick combat. If the netrunner fumbles this roll, the general alarm goes off, and the sysop, usually another human netrunner, will engage the intruder in combat.

 

 

Cyberspace Combat

Initiative: At the start of any action, an initiative roll will determine who acts first. In cyberspace combat, milliseconds are a matter of life or death.

Defender INT + System Speed + 1d10 vs. Attacker INT + System Speed + 1d10

Contest of Skill versus system AI, Netrunner, or Sysop: Use the following equation for handling any opposed contest of skills. In this setting, there will be an AI, expert system, or human opponent lurking in nearly every system. This one mechanic will suffice to decide any questions of who won or lost.

Attacker INT + Interface + Program STR + 1d10 vs. Defender INT + Interface + Program STR +1d10

The AI’s that a netrunner will face in 2095 are usually hardware based, relatively inflexible, but extremely stable – this is a contrast to the pre-war “Infomorph” AI’s that led to the atrocities in 2030’s Siberia. Such self-aware software based AI’s are now banned all around the world, and thus so rare as to be more urban legend than reality. Modern AI’s are experts within a limited capacity, but not especially creative. The most common one encountered by hackers is the “Security AI” which acts as a 24/7 tireless sysop, monitoring system and network functions, dealing with routine threats, and notifying humans when needed. Some typical encounters are listed below:

“Desktop” AI ($2800) – INT-4, Initiative +0, Counter-Intrusion +4, Defensive +4

Mid-range Security AI ($14,400) – INT-6, Initiative +0, Counter-Intrusion +6, Defensive +6, Offensive (Anti-Software) +6

High End Security AI ($102,400) – INT-8, Initiative +1, Counter-Intrusion +8, Defensive +7, Offensive (Anti-Software) +8, Offensive (Anti-System) +8

 

Hardware and Software Costs

Rating	System INT	Intrusion	Counter-Intrusion	Offensive	Defensive
1	200	50	50	100	100
2	400	100	100	200	200
3	800	200	200	400	400
4	1600	400	400	800	800
5	3200	800	800	1600	1600
6	6400	1600	1600	3200	3200
7	12,800	3200	3200	6400	6400
8	25,600	6400	6400	12,800	12,800
9	51,200	12,800	12,800	25,600	25,600
10	124,000	25,600	25,600	51,200	51,200

 

Portable systems are x2 base cost.

System Speed modifies the base cost according to the chart below:

Speed	-2	-1	+0	+1	+2	+3	+4	+5
Cost	x1/4	x1/2	x1	x2	x4	x6	x8	x10

 

Offensive Software is modified according to the following:

Anti-Software is base price, unmodified from the main table.

Anti-System is x2 base price, reflecting the more sophisticated programming required to actually damage hardware.

Black ICE is generally illegal, costs x5 base price, and only affects users that are connected to the target system via interface cables. There are several types available, differing in flavor and targeted attributes:

·         “Mindwipe” software attacks the brain directly, reducing INT and/or COOL

·         “Nerve Burn” attacks the nervous system and cerebellum, reducing REF.

·         “Shocker” interferes with cardiac function, reducing BOD.