CEA

51.5074° N · 0.1278° W — Strategic Mapping Platform

Cyber Escalation
Atlas

A policy-grade reference mapping how state-linked cyber operations unfold, escalate, and reshape international governance.

Explore CasesView Escalation Lens
30Cases
4Lenses
7Actor Profiles
6Norms Tracked

Featured Cases

Landmark Incidents

2017 · GlobalDestructive

NotPetya

Supply-chain wiper disguised as ransomware. $10B+ in collateral damage across 65 countries.

Read analysis
2020 · United StatesEspionage

SolarWinds

Nine-month supply-chain compromise of ~18,000 organizations. Redefined persistent access at scale.

Read analysis
2022 · EuropeDestructive

Viasat KA-SAT

Satellite modem wiper timed to kinetic invasion. Collateral outages across NATO states.

Read analysis

Analytical Lenses

Four Dimensions of Analysis

Each lens offers a distinct perspective on the same underlying incidents, revealing patterns invisible from any single vantage point. Every case is analyzed through all four dimensions simultaneously.

ESC

Escalation Lens

How cyber operations climb the escalation ladder from access to strategic impact.

Interactive Unpeace scoring plots all 30 cases across Stable / Contested / Escalatory zones. Filter by operation type, peak tier, and restraint factors. Each case shows phase-by-phase escalation trajectories and threshold crossings.

Unpeace Score PlotThree-Zone ClassificationRestraint Factor Analysis
Enter lens
INF

Infrastructure Lens

Technical systems targeted and exploited across state-linked campaigns.

Eight critical sectors — Energy, Finance, Government, Healthcare, Telecommunications, Transportation, Defence, Technology — each with strategic importance assessments, dependency maps, typical cyber effects, escalation proneness ratings, and governance vulnerabilities.

Sector Dependency MapsEntanglement ScoringICS/OT Analysis
Enter lens
GOVPriority

Governance Lens

Policy responses, international norms, and regulatory frameworks shaped by incidents.

Tracks seven governance flags — norm violations, public attribution, sanctions, indictments, regulatory responses, international coordination, and precedent-setting — with rule citations from the Tallinn Manual 2.0, UN GGE, and ILC Articles on State Responsibility.

Governance Flag MatrixRule CitationsPolicy Response Tracking
Enter lens
ATT

Attribution Lens

Who attributed, in what sequence, with what evidence, and to what political consequence.

Attribution Confidence Matrix cross-referencing cases against six attributing actors. Expandable attribution chain timelines showing who attributed, when, with what evidence basis. Cases grouped by consequence type: Sanctions, Indictment, Diplomatic Expulsion, Public Naming Only, No Formal Response.

Confidence MatrixChain TimelinesConsequence Grouping
Enter lens

Data & Tools

Explore the Dataset

Interactive tools for navigating 30 structured case studies across time, actors, sectors, and cross-case comparison.

TML

Timeline

All 30 cases plotted chronologically from 2007 to 2025, sized by Unpeace score and coloured by operation type. Governance milestones — UN GGE consensus, OEWG mandates, Tallinn Manual adoption — overlaid as reference markers.

Reveals three distinct clustering periods: pre-norm pioneering (2007–2014), contested norm emergence (2015–2019), and escalatory industrialisation (2020–present). The 2017 GGE consensus failure correlates with observable acceleration in destructive operations.

Open tool
ACT

Threat Actor Profiles

7 named threat actors — Sandworm, Lazarus Group, SVR/APT29, Hafnium, and more — each with state nexus, mission classification, primary sectors targeted, operational period, TTPs, behavioural signatures, and governance footprint.

Dominant operation type analysis, case linkage, and temporal activity range for each actor. Profiles connect technical capability to strategic intent and policy implications.

Open tool
SEC

Sector Risk Dashboard

Incident distribution across 11 critical infrastructure sectors. Each sector card shows incident count, most recent attack year, dominant operation type, and average Unpeace score.

Drill into any sector for case-level detail, TTP concentration analysis (top MITRE ATT&CK tactics), and governance response pattern mapping across implicated cases.

Open tool
CMP

Cross-Case Comparison

Side-by-side comparison of two or more cases across escalation, infrastructure, and governance dimensions. Identify commonalities, divergences, and structural patterns.

Select any combination of the 30 cases to compare escalation trajectories, target sectors, governance flags, attribution timelines, and policy outcomes in a unified view.

Open tool

Research & Governance

Norms, Law & Analytical Output

Track the evolution of international cyber norms, map legal frameworks to real-world incidents, and generate structured analytical briefs.

NRM6 norms · 30 case interactions tracked

Norm Evolution Tracker

Six key international cyber norms tracked across all cases — their current status (Emerging, Contested, Partially Accepted, Violated Repeatedly), anchor instruments, and whether each case reinforced, violated, or exposed gaps.

Open tool
LEG4 frameworks · rule-level analysis

Legal Framework Mapper

International legal frameworks — UN Charter, IHL, Tallinn Manual 2.0, ILC Articles on State Responsibility — mapped rule-by-rule to cases in the dataset. Explores analytical controversies around sovereignty, due diligence, and countermeasures.

Open tool
BRF3 brief types · actor/sector/region filters

Brief Generator

Generate structured analytical briefs — Executive Summary (500 words), Technical Assessment (800 words), or Governance Analysis (800 words) — filtered by threat actor, target sector, and region.

Open tool
“This platform does not catalogue threats to be feared. It interprets incidents as strategic behaviors to be understood.”
Read our methodology·About the project

Creator

Risa Koyanagi — 小柳璃紗
Risa Koyanagi

Risa Koyanagi

Cambridge Future Scholar

Researcher working across space, nuclear, and emerging technology governance and strategic risk. Her work focuses on legitimation, dual-use systems, and authority architecture.

risakoyanagi.com

Research Ecosystem

Faultline — Strategic research ecosystem

This Atlas is part of Faultline — a research ecosystem mapping structural risk across cyber, space, nuclear, and emerging technology governance.

Cyber Escalation AtlasGlobal Nuclear Infrastructure AtlasOrbital Risk TrackerSpace Mandate Atlas