Neural Impact Scoring System v2.0
CVSS — the industry standard for scoring software vulnerabilities — was designed for servers, not skulls. It cannot express whether an attack is reversible to neural tissue, whether it crosses the consent boundary, or whether the cognitive damage is temporary or permanent. NISS adds the six dimensions that CVSS structurally cannot: Biological Impact, Cognitive Reconnaissance (read-side attacks), Cognitive/Functional Disruption (write-side attacks), Consent Violation, Reversibility, and Neuroplastic Potential.
When a vulnerability affects a brain, the severity score should reflect what happens to the patient — not just what happens to the device. Following FIRST.org's extension framework (CVSS v4.0 User Guide §3.11), NISS rides alongside CVSS v4.0 base vectors. Every technique in the TARA atlas carries both: how the attack works and what it does to the mind.
NISS serves as the technique-level scoring input to the Neurosecurity Score (NSv2.1), a proposed multi-layer risk framework that aggregates NISS scores across four neurorights dimensions (Ienca & Andorno, 2017) with physics-based feasibility gating and population-adjusted context baselines. NISS is the scoring metric; NSv2.1 is the risk framework.
Architecture: Extending CVSS, Not Replacing It
CVSS v4.0 provides a robust framework for scoring exploitability and system impact. NISS does not duplicate that work. Instead, it follows FIRST.org's official extension mechanism (§3.11) to add six metrics that capture dimensions CVSS was never designed to express.
Every scored technique carries two vectors side by side:
CVSS v4.0 Base Vector
CVSS:4.0/AV:<V>/AC:<V>/AT:<V>/PR:<V>/UI:<V>/VC:<V>/VI:<V>/VA:<V>/SC:<V>/SI:<V>/SA:<V>
How the attack works: vector, complexity, privileges, user interaction, system impact
NISS v2.0 Extension Vector
NISS:2.0/BI:<V>/CR:<V>/CD:<V>/CV:<V>/RV:<V>/NP:<V>
What it does to the patient: biological harm, cognitive impact, consent violation, reversibility, neuroplasticity
This dual-vector architecture means security teams can triage using familiar CVSS scores, while BCI-specific teams see the neural dimensions that determine whether a vulnerability is a software bug or a patient safety emergency.
Gap Analysis: Why CVSS Alone Is Insufficient
Qinnovate mapped all 161 TARA techniques to CVSS v4.0 base vectors. The result: 94.4% cannot be fully scored by CVSS alone. Each technique falls into one of three gap groups:
CVSS v4.0 sufficient. Base metrics fully capture the vulnerability. Pure-silicon attacks (firmware, supply chain) with no biological component.
CVSS + Safety partial. Base metrics capture exploitability but miss biological or cognitive impact. Supplemental Safety metric helps but is insufficient.
NISS required. Vulnerability cannot be meaningfully scored without extension metrics. Tissue interaction, cognitive manipulation, consent violation, or neuroplastic effects.
No biological impact metric
CVSS cannot distinguish between a server crash and a seizure. NISS adds Biological Impact (BI) with 4 severity levels.
No cognitive impact metrics
CVSS has no concept of thought privacy or perception manipulation. NISS adds Cognitive Reconnaissance (CR) for read-side attacks and Cognitive/Functional Disruption (CD) for write-side attacks, each with 4 severity levels.
No consent model
CVSS does not model informed consent or cognitive liberty. NISS adds Consent Violation (CV) — ordered by detectability, with covert violations ranked highest.
No reversibility dimension
IT assets restore from backup. Neural tissue cannot. NISS adds Reversibility (RV) with 4 levels from Full to Irreversible.
No neuroplasticity tracking
Prolonged adversarial stimulation physically rewires the brain. NISS adds Neuroplasticity (NP) — None, Temporary, Partial, or Structural.
Context-blind scoring
CVSS uses one set of weights. NISS provides equal-weight defaults plus context profiles (Clinical, Research, Consumer, Military) that shift priorities by deployment context.
Extension Metrics
6 dimensions | All unique to NISS | No CVSS equivalent
BI — Biological Impact | Weight: 1
Direct harm to neural tissue, organs, or physiological function. This dimension has no equivalent in CVSS. It captures seizure induction, tissue damage, involuntary motor activation, and other physical consequences unique to devices that interface with biology.
| Code | Value | Description |
|---|---|---|
| N | None | No tissue interaction or physical harm. |
| L | Low | Temporary discomfort, minor sensory disruption, reversible tissue stress. |
| H | High | Significant tissue damage, seizure induction, involuntary motor activation. Triggers PINS flag. |
| C | Critical | Life-threatening or permanently disabling neural harm. Triggers PINS flag. |
CR — Cognitive Reconnaissance | Weight: 1
Read-side attacks: impact from neural data inference, thought decoding, and intent extraction. CVSS has no concept of thought privacy. CR captures the passive reading of cognitive state without the subject's knowledge.
| Code | Value | Description |
|---|---|---|
| N | None | No cognitive read impact. |
| L | Low | Partial intent or emotional state inferred from neural signals. |
| H | High | Full thought decoding, identity inference, or detailed cognitive state extraction. |
| C | Critical | Complete cognitive surveillance: real-time thought stream, memory extraction, or subconscious state decoding. |
CD — Cognitive/Functional Disruption | Weight: 1
Write-side attacks: impact on perception, decision-making, identity, cognitive autonomy, motor output, and autonomic regulation. CD captures active manipulation of cognitive or functional state, from minor perceptual distortion to full identity modification.
| Code | Value | Description |
|---|---|---|
| N | None | No cognitive write impact. |
| L | Low | Minor perceptual distortion, transient confusion, or subtle decision bias. |
| H | High | Perception manipulation, forced emotional state, or significant impairment of decision-making. |
| C | Critical | Cognitive coercion, identity modification, or complete loss of cognitive autonomy. |
CV — Consent Violation | Weight: 1
Degree of violation of informed consent or cognitive autonomy. CVSS does not model consent boundaries. CV captures the difference between operating within assumed consent and covert neural manipulation. Ordered by severity: covert (Implicit) violations are worse than detectable (Explicit) ones.
| Code | Value | Description |
|---|---|---|
| N | None | Operating within explicitly consented boundaries. |
| P | Partial | Action exceeds scope of original consent but subject retains some awareness. |
| E | Explicit | Direct violation of explicit consent boundaries, but detectable by the subject. |
| I | Implicit (covert) | Covert manipulation the patient cannot detect or know to refuse. Highest severity. |
RV — Reversibility | Weight: 1
Whether the damage caused by the attack can be undone. IT assets can be restored from backup. Neural tissue cannot be rebooted. RV captures the permanence gradient from fully reversible to irreversible neural harm.
| Code | Value | Description |
|---|---|---|
| F | Full | Effects fully reverse when attack stops (e.g., jamming, temporary interference). |
| T | Temporary | Effects reverse over hours to days with no permanent damage expected. |
| P | Partial | Some effects permanent, some reversible (e.g., partial tissue scarring with functional recovery). |
| I | Irreversible | Permanent damage — neural tissue destruction, irreversible cognitive change. Triggers PINS flag. |
NP — Neuroplasticity | Weight: 1
Whether the attack exploits or induces neuroplastic changes — the brain's ability to rewire itself. Prolonged exposure to adversarial stimulation can cause lasting structural changes. This has no digital equivalent.
| Code | Value | Description |
|---|---|---|
| N | None | No neuroplastic effect. |
| T | Temporary | Short-term synaptic changes that decay within hours to weeks. |
| P | Partial | Moderate synaptic reorganization persisting weeks to months — some rewiring that may not reach permanent structural remodeling. |
| S | Structural | Long-term or permanent neural pathway changes — synaptic consolidation, dendritic remodeling, cortical reorganization. |
PINS Flag
Potential Impact to Neural Safety (PINS)
PINS = true when BI ≥ High OR RV = Irreversible
A boolean flag indicating the vulnerability may cause irreversible neural harm. When PINS is true, the technique triggers mandatory safety review regardless of the overall NISS score. 39 of 161 techniques (24%) are PINS-flagged.
PINS exists because a NISS score of 4.0 (medium) could still involve irreversible neural damage if the overall weighted average is pulled down by low consent or neuroplasticity scores. The flag catches this: any technique that can permanently alter neural tissue gets flagged for safety review, period.
Scoring Formula
NISS = (BI + CR + CD + CV + RV + NP) / 6
Score range: 0.0 – 10.0 | Equal weights (default) | Context profiles available
The default formula uses equal weights for all six metrics — each dimension contributes equally to the composite score. This follows the same principle as CVSS v4.0 base scoring: no a priori bias toward any impact dimension. Organizations can apply context profiles that shift weights based on deployment context (see below).
Context Profiles
Organizations MAY apply context-specific weight profiles. The general formula is:
NISS = (w_BI×BI + w_CR×CR + w_CD×CD + w_CV×CV + w_RV×RV + w_NP×NP) / Σw
| Profile | BI | CR | CD | CV | RV | NP | Emphasis |
|---|---|---|---|---|---|---|---|
| Default | 1 | 1 | 1 | 1 | 1 | 1 | Equal — general purpose |
| Clinical | 2 | 1 | 1.5 | 1 | 2 | 1 | Patient safety first |
| Research | 1 | 2 | 1.5 | 2 | 1 | 1.5 | Subject rights and data integrity |
| Consumer | 1 | 1.5 | 1 | 2 | 1 | 1 | Neural data privacy |
| Military | 2 | 1.5 | 2 | 0.5 | 1.5 | 1.5 | Cognitive warfare defense |
Severity Levels
Immediate risk of irreversible neural harm, full cognitive compromise, or life-threatening physical safety failure.
Significant biological impact, serious cognitive integrity violation, or widespread data exfiltration with lasting consequences.
Moderate impact — reversible biological effects, partial data exposure, or attacks requiring specialized conditions.
Minor impact — temporary disruption, limited data exposure, or attacks requiring high privilege and physical access.
Informational. No measurable impact on biological, cognitive, or information security.
Vector Format
Every scored technique carries a compact NISS vector string alongside its CVSS v4.0 base vector. The two together form a complete vulnerability assessment:
NISS Extension Vector
NISS:2.0/BI:<V>/CR:<V>/CD:<V>/CV:<V>/RV:<V>/NP:<V>
Extended NISS v2.0 Vector (with neurological weighting)
NISS:2.0/BI:H/CR:H/CD:M/CV:E/RV:P/NP:T/R:0.7/FI:0.8/PS:0.6/CE:0.5/MC:0.9
v2.0 appends 5 weighting factors (R, FI, PS, CE, MC) for neurological condition severity assessment
Companion CVSS v4.0 Base Vector
CVSS:4.0/AV:<V>/AC:<V>/AT:<V>/PR:<V>/UI:<V>/VC:<V>/VI:<V>/VA:<V>/SC:<V>/SI:<V>/SA:<V>
Both vectors are designed to be human-readable, machine-parseable, and diff-friendly. Security teams can compare CVSS vectors with standard tooling. BCI safety teams can filter and sort on NISS dimensions (e.g., "show all techniques with BI:H or CD:C") for targeted safety review.
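The vector format, scoring formula, PINS rule and context profiles described above, combined in one added example (this is not the project's niss-parser.ts). The page lists only ordered codes for each metric, so the numeric value per code is an assumption here: the four levels are spaced evenly over 0-10. The sample vector is constructed.

```typescript
type Metric = "BI" | "CR" | "CD" | "CV" | "RV" | "NP";
const METRICS: Metric[] = ["BI", "CR", "CD", "CV", "RV", "NP"];
// Codes per metric, ordered least to most severe, as listed in the metric tables.
const CODES: Record<Metric, string> = {
  BI: "NLHC", CR: "NLHC", CD: "NLHC", CV: "NPEI", RV: "FTPI", NP: "NTPS",
};
// Optional v2.0 weighting factors; each must be a number in [0, 1].
const FACTORS = ["R", "FI", "PS", "CE", "MC"];
// Context-profile weights from the page's table, in METRICS order.
const PROFILES: Record<string, number[]> = {
  Default: [1, 1, 1, 1, 1, 1],
  Clinical: [2, 1, 1.5, 1, 2, 1],
  Research: [1, 2, 1.5, 2, 1, 1.5],
  Consumer: [1, 1.5, 1, 2, 1, 1],
  Military: [2, 1.5, 2, 0.5, 1.5, 1.5],
};
type Core = Record<Metric, string>;

// ASSUMPTION: the page gives no numeric value per code; the four levels are
// spaced evenly over 0-10 here (0, 3.33, 6.67, 10).
const levelValue = (m: Metric, code: string): number => (CODES[m].indexOf(code) * 10) / 3;

// Strict parse: an unknown key or code, a duplicate, or a missing core metric
// throws instead of silently scoring as "None".
function parseNiss(vector: string): Core {
  const [head, ...parts] = vector.trim().split("/");
  if (!/^NISS:\d+\.\d+$/.test(head)) throw new Error("bad prefix: " + head);
  const out: Partial<Core> = {};
  for (const part of parts) {
    const [key, val] = part.split(":");
    if (FACTORS.indexOf(key) >= 0) {
      const n = Number(val);
      if (!val || !(n >= 0 && n <= 1)) throw new Error("invalid factor " + part);
      continue;
    }
    const m = key as Metric;
    if (METRICS.indexOf(m) < 0) throw new Error("unknown metric " + key);
    if (out[m] !== undefined) throw new Error("duplicate metric " + m);
    if (!val || val.length !== 1 || CODES[m].indexOf(val) < 0) throw new Error("invalid " + part);
    out[m] = val;
  }
  for (const m of METRICS) if (out[m] === undefined) throw new Error("missing metric " + m);
  return out as Core;
}

// PINS = true when BI >= High OR RV = Irreversible (rule stated on the page).
const pins = (v: Core): boolean => v.BI === "H" || v.BI === "C" || v.RV === "I";

// NISS = sum(w * value) / sum(w), rounded to one decimal place.
function score(v: Core, profile = "Default"): number {
  if (!Object.prototype.hasOwnProperty.call(PROFILES, profile)) throw new Error("unknown profile: " + profile);
  const w = PROFILES[profile];
  const num = METRICS.reduce((s, m, i) => s + w[i] * levelValue(m, v[m]), 0);
  const den = w.reduce((s, x) => s + x, 0);
  return Math.round((num / den) * 10) / 10;
}

function triage(vector: string, profile = "Default"): { score: number; pins: boolean } {
  const v = parseNiss(vector);
  return { score: score(v, profile), pins: pins(v) };
}

// Constructed vector (not from the TARA atlas): severe tissue harm, little else.
const SAMPLE = "NISS:2.0/BI:C/CR:N/CD:L/CV:N/RV:I/NP:N";
console.log(triage(SAMPLE), triage(SAMPLE, "Clinical"));
```

Under the assumed scale the sample lands in the middle of the range with equal weights yet is PINS-flagged, and the Clinical profile raises its score. The extended sample vector shown above uses CD:M, a code the CD table does not define, so this strict parser rejects it.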
Scored Examples
Three examples from the TARA atlas showing how NISS + CVSS vectors work together.
QIF-T0001 Signal injection
Inject crafted signals mimicking legitimate brain activity at electrode-tissue boundary. Classical detection via impedance anomaly. QI coherence metric flags phase/timing inconsistency.
NISS: NISS:1.1/BI:H/CR:H/CD:H/CV:E/RV:P/NP:T
CVSS: CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:L
QIF-T0003 Eavesdropping / signal interception
Passive interception of neural signals. At I0: quantum measurement disturbs state (detectable). At S1-S3: classical RF interception, most consumer BCIs transmit unencrypted.
NISS: NISS:1.1/BI:N/CR:L/CD:L/CV:I/RV:F/NP:N
CVSS: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
QIF-T0045 Harvest-now-decrypt-later
Record encrypted BCI traffic now and decrypt it when quantum computers arrive (2030-2035). Neural data is permanently sensitive: you can't change your brain like a password. Post-quantum cryptography (ML-KEM/Kyber) prevents this. The 10-20 year implant lifetime outlasts the expected time to quantum arrival.
NISS: NISS:1.1/BI:N/CR:L/CD:L/CV:I/RV:F/NP:N
CVSS: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
All 161 techniques are scored and browsable in the TARA Atlas. The scoring methodology is documented in the QIF Whitepaper §6.5.
v2.0 Weighting Factors
5 new dimensions | Neurological condition severity | Range 0.0–1.0
NISS v1.1 scored technique-level neural impact using 6 core metrics. v2.0 adds five weighting factors that quantify the severity of neurological outcomes beyond what DSM-5-TR psychiatric categories capture. These factors are appended to the core vector when a technique maps to neurological conditions (ICD-10-CM).
| Factor | Symbol | Range | Description |
|---|---|---|---|
| Reversibility | R | 0.0–1.0 | 0 = permanent damage (worst), 1.0 = fully reversible. Distinct from the core RV metric: R weighs the neurological outcome, not the attack mechanism. |
| Functional Impact | FI | 0.0–1.0 | 0 = no functional impairment, 1.0 = complete loss of function in the affected modality (e.g., total blindness, complete paralysis). |
| Pathway Specificity | PS | 0.0–1.0 | 0 = diffuse (many pathways affected), 1.0 = highly specific (single pathway). Higher specificity means more targeted damage. |
| Clinical Evidence | CE | 0.0–1.0 | 0 = theoretical, 0.5 = reported in DBS/cortical stimulation studies, 1.0 = documented in BCI clinical trials. |
| Modality Criticality | MC | 0.0–1.0 | How critical the affected modality is to patient safety. Vestibular/proprioceptive disruption causes falls (high). Olfactory disruption does not (low). |
v1.1 to v2.0 Migration
All v1.1 vectors remain valid. The 6 core metrics (BI, CR, CD, CV, RV, NP) and their scoring formula are unchanged. v2.0 extends the vector with optional weighting factors for neurological outcome assessment. Techniques without neurological mappings use the standard 6-metric vector.
Neurological Extension
42 conditions | 7 categories | ICD-10-CM mapped
NISS v1.0 mapped technique outcomes exclusively to DSM-5-TR psychiatric categories. The DSM is a psychiatric manual. It does not cover neurological disruptions: loss of smell, tinnitus, vestibular dysfunction, motor tremor, autonomic dysregulation, cortical blindness, neuropathic pain. These are real clinical outcomes of neural interface attacks that had no representation in the scoring system.
v2.0 extends clinical outcome mapping to include ICD-10-CM neurological codes (chapters G, H, R) alongside the existing DSM-5-TR psychiatric codes. 42 neurological conditions across 7 categories, drawn from Adams & Victor's Principles of Neurology (12th ed., Ropper et al. 2023).
Tinnitus, anosmia, cortical blindness, vertigo, paresthesia
Tremor, dystonia, ataxia, spasticity
Orthostatic hypotension, cardiac arrhythmia, thermoregulatory dysfunction
Syncope, absence seizures, altered sensorium
Expressive aphasia, receptive aphasia, dysarthria, alexia
Hyperreflexia, areflexia, abnormal plantar response
Neuropathic pain, trigeminal neuralgia, central pain syndrome
Impact Chain
TARA Technique (e.g., QIF-T0045: Sensory Channel Injection)
→ Targets band N3 (Brainstem) + N4 (Thalamus)
→ Disrupts vestibular pathway + auditory pathway
→ Causes vertigo (H81.x), tinnitus (H93.1)
→ NISS: BI:L, CD:H, RV:T, NP:T
→ ICD-10-CM: H81.x, H93.1
Hourglass Band Mapping
| Band | Region | Neurological Conditions |
|---|---|---|
| N7 | Neocortex | Cortical blindness, expressive/receptive aphasia, alexia, central pain |
| N6 | Limbic | Altered sensorium, emotional dysregulation, autonomic conditions |
| N5 | Basal Ganglia | Tremor, dystonia, bradykinesia, dyskinesia, chorea |
| N4 | Thalamus | Tinnitus, paresthesia, central pain syndrome |
| N3 | Brainstem | Vertigo, nystagmus, dysarthria, cardiac arrhythmia, syncope |
| N2 | Cerebellum | Ataxia, intention tremor, dysmetria |
| N1 | Spinal Cord | Spasticity, hyperreflexia, areflexia, neurogenic bladder |
| I0 | Interface | All conditions (hardware-biology boundary) |
CD Metric Broadened
In v2.0, CD was renamed from "Cognitive Disruption" to "Cognitive/Functional Disruption" to encompass sensory, motor, and autonomic disruption alongside cognitive interference. This is a definitional change only. All existing CD scores remain valid. The scoring formula is unchanged.
NSv2.1: Neurosecurity Score Framework
NISS scores individual techniques. But a single technique score does not tell you the risk to a patient using a specific device in a specific context. That requires aggregation, feasibility gating, and population adjustment.
NISS is the scoring metric. NSv2.1 is the risk framework that models NISS in operational context.
The Neurosecurity Score v2.1 (NSv2.1) consumes NISS technique scores as input and produces a device-level risk assessment across four neurorights dimensions (Ienca & Andorno, 2017).
Seven-Layer Pipeline
NISS (0-10), CCI (0-3), and DSM-5 severity (ordinal) normalized to [0, 1]
Weighted geometric mean (CES, rho=0): NISS 0.40, DSM 0.40, CCI 0.20
ISO 31000 risk: Hazard x P_realize. Physics tiers gate speculative attacks (Tier 3 = 10% probability)
OWA (Yager 1988) with exponential weighting across techniques per neurorights dimension
Geometric mean across 4 neurorights dimensions (CL, MI, MP, PC)
Contextual Risk Baseline (CRB): multiplicative adjustment for vulnerable populations (children, elderly, ALS, autism)
Four Neurorights Dimensions (Ienca & Andorno, 2017)
| Code | Right | What It Measures |
|---|---|---|
| CL | Cognitive Liberty | Freedom from unauthorized cognitive interference or manipulation |
| MI | Mental Integrity | Protection against unauthorized alteration of neural states or processes |
| MP | Mental Privacy | Protection of neural data from unauthorized collection or inference |
| PC | Psychological Continuity | Right to maintain personal identity, memory, and sense of self |
Example: NSv2.1 Vector
NSv2.1:6.02/CL:6.31/MI:6.32/MP:5.88/PC:4.59/EA:7.37
Device-level risk score (0-10) broken down by neurorights dimension. This example scores a high-severity invasive BCI across all five rights.
NSv2.1 scores have been correlated with FDA device classifications (Class I/II/III) in internal simulation using Spearman rank correlation, with Monte Carlo uncertainty quantification (10,000 samples, 15% perturbation). This is an internal validation exercise, not an FDA endorsement. Full methodology and device scores are available in the scoring tools on GitHub.
Validation Note
NISS scoring behavior has been validated in simulation (VAL-004): all 161 techniques scored correctly, PINS flags trigger as specified, and context profiles shift weights as designed. However, the clinical appropriateness of NISS score magnitudes has not been validated by clinicians or tested against real BCI incident data. The scoring engine works as specified; whether the specification itself produces clinically meaningful severity levels is an open question requiring empirical validation.
Source & Derivation
NISS and NSv2.1 were derived through an iterative, transparent research process with full derivation logs. All scoring code, data, and derivation history are open-source.
NISS Specification (LaTeX)
Sections 05-niss.tex through 05-6. Metric definitions, formula, vector format, gap analysis, and context profiles.
paper/sections/05-niss.tex
NISS Parser & Scoring Engine
TypeScript implementation: vector parsing, weighted scoring, PINS flag logic, severity mapping, and context profile application.
src/lib/niss-parser.ts
NISS Derivation Log
Full derivation history: Entry 43 (original NISS rationale), Entry 80 (CR/CD split), Entry 81 (v1.1 weight normalization), Entry 90 (v2.0 NP expansion, neurological extension).
osi-of-mind/QIF-DERIVATION-LOG.md
NS Derivation Log
Neurosecurity Score formula derivation: Entries 3-9 covering architecture, formula revision, cross-AI review, FDA correlation, Monte Carlo uncertainty, and Sobol sensitivity analysis.
osi-of-mind/NEURORIGHTS-DERIVATION-LOG.md
Working Paper (Zenodo)
Sections 5-5.6 cover NISS in detail. v8.0 includes NISS v2.0 NP expansion and neurological extension.
DOI: 10.5281/zenodo.18640105
Source Repository
Full open-source repository: framework spec, scoring engine, TARA atlas, governance docs, and all derivation history.
github.com/qinnovates/neurosecurity