Simplified Netrunning Rules for GURPS Southowilson 2.0 (Updated 10/2/09)

In the simplified netrunning system, we will not be using any of the existing cinematic, “Matrix”-style netrunning rules. Instead, use the following heavily abstracted rules. Normal computers by 2095 are nearly all equipped with some sort of system AI. Computers in 2095 are generally considered TL9, though some examples of TL10+ systems are occasionally available. “Cyberdecks” are small portable computers that are specialized and optimized for intrusion and tactical purposes. This is where the Netrunner comes in, supplying his human reflexes and intuition to do battle with the system AI, aided by carefully chosen software.

Typical 2095 Computer Systems

 

·         Personal and small business systems – Complexity 5, IQ 8 Dedicated AI with effective skill-13                                                                            

·         Local government, local police systems, large local business  - Complexity 6, IQ 10 Dedicated AI with effective skill-16                                                        

·         Normal corporate systems, most federal government systems – Complexity 7, IQ 10 Non-Volitional AI with effective skill-17

·         Megacorp, military networks, or specific “high security” systems  - Complexity 8, IQ 12 Non-Volitional AI with effective skill-20

·         Extremely Illegal “No Such System Exists” Networks  - Complexity 10+, IQ 16 Volitional AI with effective skill-2

 

 

Programs

In this abstracted system, software is rated by Complexity, which can range from 1 to 15, though it is exceedingly rare to find anything above 5 or 6 commercially available at TL9. Each category of programs actually represents a useful cluster of individual sub-programs, each with cool names like "Flatline", "Aegis", "Safecracker 6.1" or whatever. Programs have double the listed cost for TL9+ software.

 

Intrusion Software – Software designed to infiltrate computer security, mask one’s electronic signal or trace, and slip pass password/ID verification protection.

Counter-Intrusion Software – Software designed to detect intrusion, alert system management, and protect systems against electronic attack of various sorts.

Offensive Software – Software designed to directly damage programs, hardware, or even directly attack the nervous system (so-called “Black ICE”). Exact effects depend on the software involved, and must be specified when purchased.

 

·         Anti-Software programs attack software and subroutines on a computer, reducing its efficiency and effectiveness.

·         Anti-System programs hinder or damage the computer directly by tying up resources or forcing actions that can damage delicate internal components.

·         Black ICE programs attack the human element directly, with a variety of possible effects. These are rare and illegal in most cases.

 

Defensive Software – Software designed to defend other software, hardware, or users from direct attack by offensive software. It essentially acts as armor, offering “all or nothing” protection against direct attack.

Utilities – Software designed to perform various functional tasks, such as file management, hardware maintenance, remote/drone operation, et cetera. In many cases, these can be defined as skills. Many AI’s can learn skills on their own, not requiring utility software. It is common to have them anyway. A utility program grants a certain number of character points in a single skill, defined by its complexity.

 

Complexity       Skill Points

1                              1

2                              2

3                              4

4                              8

5                              16

6                              20

7                              24

Add. +1            +4

Software is constantly becoming obsolete, so add a penalty to the older software in any contest, -1 for each month between the two. This means that successful netrunners are constantly on the prowl for the latest and greatest software. Obsolescence is detailed using the rules provided in GURPS Cyberpunk, p79.

In a cyberpunk world the development of hardware and software speeds along at the same pace that everything else does. Attack and defense programs become less effective as they age because human hotshots and dedicated AIs are constantly finding faults and releasing new versions. Your Codewall may not stand up against a new Icepick, but it will laugh at last year's model. The GM should define a release date for each piece of software that the PCs get, or that is used by NPCs. When two programs oppose each other in a Contest of Skills, the older program has a penalty as given on the table below:   1 month:   -1                 6 months: -9 2 months: -2                  7 months: -12 3 months: -3                  8 months: -15 4 months: -5                  9 months: -18 5 months: -7   Software more than 9 months old is simply useless in the world of high-stakes industrial espionage!

 

 

Common Tasks in Netrunning

Penetration: The netrunner will need to initially overcome passive defenses, passwords, and similar things simply to access the system. The easiest way to game this is with difficulty levels based on the sophistication of the target. The hacker/netrunner will need to defeat the system defenses in a contest of skill. The usual defense consists of the system AI’s “Computer Operations” skill (Defaults to IQ-4) + Defensive Software. System AI’s usually have Computer Ops at IQ level, but some systems are much stronger. Once the hacker has successfully penetrated the system, his margin of success determines the degree to which he has compromised the system security.

Crit. Failure       The system automatically traces the hacker’s current physical location and alerts authorities without his knowledge.

-5 to 0               The system recognizes that the hacker is an illegitimate user, and attempts to trace his location; Contest between Intrusion vs. Counter-Intrusion.

+1 to +2            Unsuccessful attempt, but the system accepts the runner as a legit user; try again at no penalty. Hacker may only access public areas of the system.

+3 to +4            Hacker has created a limited access account, allowing normal functions available to most internal users – not including accounts, security, et cetera.

5+                    Hacker has achieved a full access account, allowing all normal operator functions, including account creation, security, and sensitive areas.

Crit Success     Hacker has managed to penetrate the system fully, allowing full control over every aspect of the system as if the hacker was the system AI.

 

Every week, there is a chance that the hacker’s bogus account will be discovered, depending on the type of system. In general, the more secure the machine, the more frequently it will be audited. The weekly chance of detection is roughly equal to the system’s Complexity or less on 3d, adding +2 if the account is a “full access” account (they are audited more severely). As long as the hacker doesn’t attempt anything unusual for his account type, it is unlikely that the system AI will react to his presence. If the hacker is discovered, cyberspace combat may be initiated.

                                                           

 

Cyberspace Combat

Initiative: At the start of any action, an initiative roll will determine who acts first; highest roll goes first, followed in sequence counting down. In cyberspace combat, milliseconds are a matter of life or death.

Cyberspace Initiative = Basic Speed (IQ+DX/4) + System Complexity

Nearly all actions conducted in cyberspace combat are handled as a Contest of Skills, with the margin of success determining the specific effects. The skill used is always some variation of “Computer Operation” or “Computer Hacking” + Appropriate Program Complexity. The two major functions are Evasion and Attack

 

Evasion: If the hacker wishes to remain within the system and avoid further detection by the system AI or human sysops, it will be a contest of skills using the hacker’s Intrusion program against the defender’s Counter-Intrusion software. Roll a Contest of Skills, and consult the table below:

Crit. Failure       The system locks onto the hacker, who will be unable to evade the defender without first dropping offline completely.

-5 to 0               Defender is able to maintain a fix on the hacker, and can attempt an attack or trace normally.

+1 to +2            Hacker partially able to avoid detection; attacks against him this round are at a penalty equal to ½ the hacker’s “Intrusion” software complexity.

+3 to +4            Hacker is able to avoid detection this turn, but the system will remain engaged and continue to look for the hacker.  

5+                    Hacker eludes detection entirely, but the system remains wary… it knows someone was there, but not who or where.

Crit. Success    The defending system completely forgets the hacker was there, and no records of his presence remain.

 

Attack: Systems and humans may use various forms of software to directly attack each other. The specific effect depends of the margin of success in a contest between “Offensive” and “Defensive” software. The table below determines the exact effect of an attack; defense is largely passive.

 

Crit. Failure       The Defender is completely immune to attack by the Attacker, and cannot be affected by available software.

-5 to 0               The Defender completely avoids any effects from the current attack.

+1 to +2            The attacking software has ½ normal impact on the defender (half damage, half penalty, et cetera)

+3 to +4            The attacking software has normal effect on the defender; roll normally for damage.

5+                    The attacking software has maximum effect on the defender; maximum damage inflicted.

Crit. Success    The defender suffers double maximum effect from the attack.

 

Anti-Software programs reduce the effective Complexity of the targeted program by their own Complexity. When target Complexity reaches 0, the targeted program is useless until a new copy is installed on the affected system.

 

Anti-System programs reduce the IQ of the targeted system by their own Complexity. When the targeted system’s IQ reaches 0, the system crashes until it is repaired. IQ regenerates at ½ the system’s Complexity per minute, assuming it hasn’t been reduced to 0 already.

 

Black ICE attacks the human element directly, with a variety of possible effects. It is therefore a special case. These are detailed below:

·         “Zap” shocks the target through his neural interface, doing 1d-2 burning damage per Complexity level of the software. Most of the time, this will destroy the target’s system as well. Note that this also exposes the target to risk of heart attack per GURPS Basic p.432.

·         “Wipe” attacks the target’s brain functions, reducing IQ and DX by 1pt per Complexity level of the software. On a successful HT roll, this damage is temporary and can be recovered normally for a “Crippling Injury” per GURPS Basic p420. If IQ or DX is reduced to 0, the target goes into a coma and may die.

·         “Program” is more insidious than the others, inflicting mental disadvantages on the target equal to Complexity x 5 character points. This can include compulsions, phobias, reductions in Will, Perception, neurological disorders, and nearly anything else tied to the nervous system.