This section describes how slicing is accomplished against enemy computer systems and Netrunners.
All sliceable terminals are given a Security Level rating (Lvl 1, 2, etc). A terminal’s rated level correlates to the depth of system control and information it has access to. Accordingly, the level of a terminal is equivalent to the difficulty of the check needed to hack said terminal, usually. A guideline for rating terminals is presented below:
Level of Terminal = Difficulty of Computers Check to Slice
Level | Depth of System Control |
1 | Clerical Terminals, Sales Registers. These terminals carry only surface level information about a facility’s operations. Can access up to level 2 terminal controls. |
2 | Control Lights, Temperature, and publicly accessible entrances and terminals (lvl 1). Can access up to level 4 terminal controls. |
3 | Control Fire extinguishers, sprinkler systems, lvl 2 terminals and entrances. Can access up to level 6 terminal controls. |
4 | Control security force deployment, level 2 and 3 security Drones/AI, level 2 and 3 terminals and entrances. Can access up to level 8 terminal controls. |
5 | Control secure servers and access Black ICE protected information. Typically requires a direct uplink to access. Control level 5 and below terminals, entrances, and security forces/drones/AI. |
All terminals within a security network are linked to some degree. Bridging a connection between a lower level terminal and a higher level terminal allows a Netrunner to access the information and control available at that higher level. Each terminal level bridged in this way generates an intrusion point. The security level that a terminal can bridge access to is determined by the starting terminal’s own security rating.
For example, a level 1 terminal can be used to access a terminal rated level 2. Once a NetDiver has seized control of the level 2 terminal, it may be used to bridge access to a terminal rated up to level 4.
There are two ways to generate Intrusion Points. Each time a terminal level is bridged, it generates Intrusion Points. In the example above, bridging a level 1 and 2 terminal generates 2 Intrusion Points. Bridging a level 2 and 4 terminal generates 4 Intrusion Points. Thus, bridging systems from level 1 to 4 generates 6 total Intrusion Points.
Furthermore, NetDivers can generate intrusion points on any failed or high threat Computers Check within a system.
Intrusion Points are a measure of the system’s awareness of an enemy attack and the strength of countermeasures deployed to combat those attacks. Every intrusion point generated upgrades enemy AI and Drone countermeasure’s skill checks. Netrunners tend to relate intrusion points to the complexity of ICE (Intrusion Countermeasures Electronics) that may be deployed against them:
Intrusion Points | Type of ICE | ICE Functions and Tactics |
1 - 2 | White ICE | Alarm and Locate. AL ICE. Alerts the system to a potential intrusion and attempts to Locate the terminal which has been compromised. |
2 - 4 | Gray ICE | Alarm, Locate, and Defend. LAD ICE. Alerts the system to possible intrusion, attempts to locate the compromised terminal, and deploys defensive countermeasures to delay the attacker long enough for conventional security forces to arrive. |
3 - 6 | Blue ICE | Alarm, Locate, Defend, and Attack. DALAi ICE. Alerts the system to possible intrusion, locates and isolates the compromised terminal, deploys defensive countermeasures to delay the attack and directly combats the intruder with AI countermeasures. |
4 - 8 | Black ICE | Alarm, Locate, Defend, Attack, and Pursue. PALADin ICE. This is the most dangerous variety of ICE. In addition to deploying all the tactics of lower level ICE, it will actively pursue an attacker back to their home terminal or the compromised terminal and attempt to destroy them by any means necessary. |
The one exception to this scheme is Black ICE. Black ICE is ruthless and efficient, and the megacorps know it. Black ICE almost always guards the most protected data that a facility has. Of course, not all ICE is made equal; the better companies with more resources tend to have more esoteric, adaptive ICE.
“Detection is a foregone conclusion. Only the very lucky and the very very skilled aren’t detected. For everyone else, there is Spoofing.”
Ident Spoofing is a process by which a Deck Jockey can delay detection and/or delay the deployment of countermeasures. On an Ident Spoofing Computers check, one success temporarily lowers the Intrusion Point rating by 1 for 1 round or 5 min. Every 2 additional successes may temporarily lower the Intrusion point rating by 1. Every 2 advantages may be spent to increase the duration of this delay by +1 round or +5 min.
In order to acquire complete system control, Deck Jockeys have developed a slicing protocol. Collectively, these actions are called the SSD DA/R/E protocol: Search, Seizure, Decrypt, Data Acquisition/Recording/Erasure. Each step of this process requires a successful computers check to complete. If the relevant steps of the protocol have been successfully completed, the slicer has just owned the entire system.
However, not all actions need to be attempted to get what you want. You are free to only do some of them. Furthermore, you may combine multiple parts of the protocol into one check. Of course, this increases the difficulty of the check. Your ultimate trade-off is speed (time it takes to slice, multiple checks) vs. complexity of task attempted (how many different slicing actions you’re trying to do at once).
Netrunners make a Computers Check to find the location of the Data they are trying to acquire, or the target they’re trying to Seize. This action is for when you want to find out what’s hidden in the system, or you’re not sure where your target is hidden within the system. This step is primarily for mining pay data out of a complex storage system.
This action describes the process of acquiring system node control, control of a discrete virtual construct (protective programs/subroutines), or control over a specific real world system (i.e. fire suppression system). The Netrunner decides what they’re trying to achieve control over. The Deck Jockey must make a Computers check to seize control of their target. System nodes must be seized in this way to bridge a lower level terminal to a higher level one.
This is the catch-all-term for granting access to a protected system as well as breaking into enemy communication signals. In short, if you’re trying to breach a protected system/signal, the first thing you’re doing is decrypting their signals and codes to write yourself access.
Data acquisition is simply copying over target data onto a transferable system.
Data recording is for writing in new bits of data into a system without it being recognized as foreign code.
Data erasure is a simple wipe of all relevant data stolen or any other kind of targeted data which needs to be gone.
A NetDiver can attempt any slicing action with a separate computers check or she can combine actions in any way she wishes to complete her goal and get out of the system quickly.
Combining these actions can augment the difficulty of the Computers Check in any of the following ways:
Ultimately, the decision to increase diff, add setback, or upgrade is determined by the fictional circumstances surrounding the intrusion.
For example, if Data Erasure on a system is rated at 3 difficulty, attempting to perform data erasure and recording at the same time may increase the difficulty by +1 (Diff 4). Furthermore, attempting to copy, write, and erase all at the same time might increase the difficulty by +1 (Diff 4) and upgrade the check once (1 Challenge 3 Diff). These actions do not need to be done in any particular order. With perhaps the notable exception of Decrypt, that’s the initial type of action used to breach a system or signal. Still, you are free to combine Decrypt with any of the other Slicing actions.
The Slicing Actions presented here are to help guide slicers in what they can use computers to do. However, this by no means an exhaustive list. This list is simply there to help shape your approach to Decking.