| Metric | Description |
| None (N) | Attacks at this level can be executed without any direct interaction from the attacker. They often involve automated exploits or attacks exploiting system weaknesses without manual intervention (eg: worms or malware that can self-propagate across networks). These attacks can propagate at scale without human oversight, making them particularly dangerous. |
| Low (L) | The attacker’s interaction is limited to specific actions or inputs. This may involve providing initial parameters or configuring attack settings using semi-automated tools or scripts. While human involvement is required, it’s not continuous engagement throughout the attack (eg: phishing attacks). |
| High (H) | These attacks would require the attacker to actively engage with the system throughout the attack process. This involves making decisions, adapting to responses from the target system, and interacting with various components to achieve their objectives. Such attacks are typically more sophisticated and difficult to execute and manage. |