=Habitat Mesh Systems= 
The Eclipse Phase core rules provide details on many different ways hackers might subvert habitat security. Further information is provided throughout this section for gamemasters who wish to introduce more detail and realism to the process of hacking habitat systems.
==Habitat Mesh Topology== 
As detailed under [[Habitat Systems#Mesh%20Systems|Mesh Systems]], there are simply too many habitat systems to condense into a single habitat control network—and too much information for a single intelligence to oversee. Instead, the various habitat functions are broken down into distinct mesh systems, each handled as a separate VPN with its own dedicated AIs and infomorphs. Many of these are broken down into further subsystems. Subsystems are almost always slaved to the master system in the hierarchy above them, meaning an authorized user on the master system can automatically access the slaved subsystem. Some systems retain an intentionally decentralized (or even factionalized) setup, while others are overseen by a master control network.
Every habitat is likely to have its own distinct network layout. Gamemasters expecting to run extensive encounters involving complex systems, especially on large habs, may want to create a map of mesh systems and the links between them, with notes on who controls or has access to what systems. A good system map will also show where important slaved devices are connected, and whether those connections are wireless, hardwired, or both.
===Defining (Sub)Systems=== 
At the top levels, each aspect of habitat operations is likely to have its own independent VPN. Though these vary, the following mesh networks are common: administration, defense, infrastructure, public service, resources, security, and spaceport. Many of these have a number of slaved subsystems, each their own VPN. Infrastructure, for example, could have hull, life support, maintenance, power, sewage, and water subsystems. Operations that eat up a lot of processor power (like running AGIs, infomorphs, egocasting, or simulspace) very likely have their own dedicated subsystems.
On larger habitats, each regional area of the station will have its own top-level network, with the various habitat ops serving as subsystems, or vice versa. On smaller habitats, several systems might be consolidated if it makes sense to do so (e.g., defense and security functions might be consolidated, or spaceport systems might be meshed with infrastructure).
====**Sidebar: Optional Rule: TIM (Too Many Interfaces)**==== 
On large stations or habitats with an impressive number of active subsystems, scanning frequencies to find a desired subsystem or device might be complicated by the huge number of signals through which one has to sift. Gamemasters may apply a penalty from −10 to −30 on the [[Interfacing]] Test to find a subsystem or device in this situation. Stronger signals are easier to find, so physical proximity to the target system should reduce or negate this penalty.
===Mesh Nets and Entoptics=== 
Users with authorized access to a particular habitat mesh network—or who have hacked access—can pull up an entoptic overlay of that particular VPN’s data as they move about the station. A user with access to the power network, for example, could get a visual overlay showing them where major power conduits lie, the location of nearby wireless power transmitters, power consumption rates of specific inhabitants/devices/services, and diagnostics on the solar arrays and reactors, among many other things. People with access to multiple networks can layer this entoptic information on top of each other. The same user with access to the life support mesh could compare the power feeds to different life support components or see what functions would be impaired if a certain power conduit was severed, and so on.
Access to a master control network, if there is one, provides entoptic overlays from many (if not all) of the subsystems. This is a powerful tool to have at one’s disposal. Likewise, security mesh access grants the user access to sensor systems across the habitat—including many that are hidden from the public or that watch over private areas.
===Redundancy and Backups=== 
Accidents and disasters happen, and systems occasionally fail. On a space habitat, this can be devastating. To counter this problem, almost all critical and major mesh networks have backup and redundancy options. Emergency power batteries can power critical networks for limited periods even in the case of a major power failure, and backup radio transceivers and wired systems can be brought online should existing systems be somehow taken down. Many mesh networks have the capability to take over the functions of a sister network should that network somehow become infected or damaged. The protocols for making this switch are closely guarded and often require authorization from multiple accounts.
==Interfacing and Access== 
Habitat mesh networks follow all of the standard rules for [[Mesh Security|security]] and [[intrusion]].
===Wired vs. Wireless=== 
When drawing up a system map, gamemasters should note which subsystems are accessible by wireless, which are hardwired, and which have redundant connections. Vital systems like life support, power grids, weapon systems, and the like are almost always hardwired and therefore can only be accessed physically. Locating hardwired access points for a given system requires a [[Hardware]]: Electronics Test. [[Profession]]: Habitat Ops or another relevant Knowledge skill may be used as a complementary skill. Modifiers for the Hardware Test should take into consideration how complex the habitat is, whether the character making the test is familiar with the system, and whether they have access to station blueprints, schematics, or the like.
Whether wireless systems are used in addition to hardwired links is a design choice, often reflecting how paranoid a system’s designers were. Wireless controls for life support systems, for instance, are rarely used due to the extreme danger posed by sabotage. Similarly, critical spaceport systems, airlock safety controls, and the like rarely allow for wireless access. Weapon batteries are normally hardwired. However, on some stations, a wireless interface is installed that becomes active only if the battery’s wired link to the fire control system is damaged. This is not an uncommon design choice, because hacking the backup wireless interface on a gun emplacement is generally impossible in the heat of combat.
===System Security=== 
Habitat mesh networks are almost universally set up as virtual private networks using public key cryptosystems. This extra security makes them more challenging to hack. Oversight by AI, AGI, or infomorph monitors and security hackers is commonplace, especially on essential networks.
Both master control networks and the core systems of major station equipment (particularly power, defense, and life support) tend to be very well secured. In many cases, this will include state-of-the-art or highly customized software, reducing the effectiveness of exploit software (−10 to −30 on Intrusion Tests). For this reason, hackers often go after less-defended subsystems.
Station security admins vary in discipline and style. Some are human, while others are expert systems. Hackers might receive a bonus of +10 to +20 on [[Infosec]] Tests due to sloppy security administration, or they might suffer penalties of −10 to −30 from such factors as many eyes on the system, skilled system design, or AGI admins.
Critical habitat communication channels are likely to be encrypted with quantum encryption on larger habitats.
===Accessing Slaved Subsystems=== 
Authenticated users on a master system almost always have access privileges to slaved subsystems. Accessing them takes a Complex Action, requires no tests, and bypasses both the firewall and active security. At the gamemaster’s discretion, however, intruders with Hidden status will be downgraded to Covert status on the subsystem, as the intruders must pass themselves off as a legitimate user to gain access. Intruders who want to remain Covert can instead take the time to bypass the subsystem’s firewall and active security (with a +30 modifier for having already rooted the master system).
On high-security systems, users with access privileges on master networks may still be required to re-authenticate themselves on slaved networks, but this is rare and an impediment to daily operations. Instead, standard practice is usually to safeguard only critical components, such as reactor controls, life support functions, defense emplacements, etc.
Each subsystem is its own system, with another level of slaved devices and subsystems. The higher up the chain one has authorization (legit or hacked), the deeper one can go.
===System Hacking=== 
Each system and subsystem within a station is considered separate for purposes of detection, intruder status, and other intrusion-related mechanics. Aside from master-slave network relations, some linked subsystems may grant access privileges to authenticated users of sister subsystems, particularly if their habitat operation focuses overlap. A customs officer with user access on the customs network, for example, may also have privileges to the local surveillance mesh, despite not having the rank to have access to the upper-tier security mesh network. In some of these cases, the user will have access but fewer privileges, meaning there will be fewer system operations they can conduct.
Hackers who have been detected (Spotted status) penetrating a system can exploit the differing levels of authentication by hopping to a different subsystem in the hierarchy—or even the master system. Monitors can attempt to track the intruder with an Opposed [[Infosec]] Test; they receive a +30 modifier to do so. If they fail, the intruder’s status is upgraded to Covert following the hop. Hackers with Locked status, however, may not jump to another system in the hierarchy; because they have been detected, they will be locked out of linked systems.
Hopping between separate systems is handled as a normal intrusion.
===Other Hacking Considerations=== 
Mapping the subsystems making up a station’s mesh is sometimes an important precursor to making Infosec attacks. Knowing which subsystems do what is obviously very important, but mapping out subsystem connections provides the added benefit of helping a hacker evade active security. This is a laborious process and can take weeks of effort. Depending on the circumstances, a standard mapping exercise should be handled as an Infosec Test with a two-week timeframe for small habitats and one month or more for larger. Having this knowledge on hand will help a hacker know where to look and where to go, without having to make [[Research]] Tests on the fly. At the gamemaster’s discretion, a thorough mapping may also provide a bonus to Infosec Tests.
[[image:Habitat System Map.JPG width="800" height="515" align="center"]]

