[mynameisjeff]

I'm excited to have stumbled onto this forum.

I was wondering how other GMs handle cyber combat, specifically in the event that a hacker defeats an IC.  Should the hacker crash the IC, do you immediately launch another? Do you wait a couple turns before, or cancel the alert?

My thinking was to allow the hacker to attempt to disable the alarm, where the node would roll to detect, and launch another IC if successful.

In your games, should a hacker trigger an alarm and crash the IC sent after him, what do you do next?

[Mantis]

Depends on what the system is supposed to be set up to do. If you have Unwired, it contains some examples of what happens when an alert is triggered and what the response is. Generally if the IC goes down, then the system will alert a Security spider to investigate or it may just boot the offending hacker. If the hacker has high enough account privileges (generally admin), then he can cancel the alert. Really, the system responds however you decide it should. It will depend on things like how secure the system is, what it protects and just how much resources the owner has. A Stuffer Shack franchise isn't likely to be packing Black IC and 4 on duty Spiders. On the other hand, this could be the minimum for an Aztechnology R&D system.

[Mithlas]

Beyond the good advice Mantis already mentioned, in lower-end nodes (such as that stuffer shack), you're not likely to run into multiple IC, and only paranoid owners would have Black IC. If a hacker on such a system did disable the IC, then a Security account would likely be all that's necessary to allow them to cruise around.

On the security guard post node watching a parking lot leading into an R&D building, you're very likely going to have an alert go off as it pings one of the in-house spiders from the subscribed network, and it may put the guards on alert. A security account may or may not be enough to disable the alert status that would likely go up.

Inside that R&D facility? The alarm is going to sound and it's going to activate at least one more Black IC while also pinging on-site security spiders, and even Admin accounts would have difficulty trying to quiet things down.