Governance Lens
The governance dimension is central to the Atlas. This lens evaluates how international norms, attribution practices, sanctions, regulatory frameworks, and accountability mechanisms shape — and are shaped by — major cyber incidents.
8
Governance flags tracked
80
Total flag instances
2.7
Avg. flags per incident
Public Attribution
Most frequent flag (16 cases)
Governance Flags
The Atlas tracks eight governance dimensions across all documented incidents. Each flag indicates whether a specific governance mechanism was triggered, contested, or absent. Select a flag to examine its legal basis, political significance, and case-level applicability.
Applicability Matrix
How each governance flag applies across all incidents in the dataset. A filled circle indicates direct applicability; signal indicates contested or partial applicability.
| Incident | Norm ViolationNorm | Public AttributionAttr | Sanctions ImposedSanc | IndictmentIndt | UN DiscussionUN | Regulatory ChangeReg | International CooperationCoop | Deterrence SignalDet |
|---|---|---|---|---|---|---|---|---|
| NotPetya | ||||||||
| SolarWinds | ||||||||
| Stuxnet | ||||||||
| Sony Pictures | ||||||||
| Ukraine Grid I | ||||||||
| Ukraine Grid II | ||||||||
| WannaCry | ||||||||
| Colonial Pipeline | ||||||||
| Oldsmar Water | ||||||||
| Viasat KA-SAT | ||||||||
| Exchange/Hafnium | ||||||||
| Costa Rica / Conti | ||||||||
| Albania / Iran | ||||||||
| Shamoon / Aramco | ||||||||
| Bangladesh Bank | ||||||||
| Australia Parliament | ||||||||
| Iran Nuclear Cyber | ||||||||
| Taiwan Telecom | ||||||||
| Industroyer2 | ||||||||
| MGM / Scattered Spider | ||||||||
| Storm-0558 | ||||||||
| Change Healthcare | ||||||||
| Volt Typhoon | ||||||||
| Midnight Blizzard | ||||||||
| Kyivstar | ||||||||
| India–Pakistan Cyber | ||||||||
| Gaza Cybergang | ||||||||
| Thailand Election | ||||||||
| Ecuador Data Exposure | ||||||||
| Bangladesh e-Gov |
Why governance is central
Cyber operations do not occur in a governance vacuum. Every incident in this atlas triggered, tested, or exposed gaps in the international rules-based order. The governance lens is not a secondary analytical layer — it is the frame through which escalation, restraint, and strategic consequence should be understood.
The eight flags tracked here correspond to the principal mechanisms through which the international community has responded to hostile cyber operations: norm invocation, public attribution, sanctions, criminal accountability, multilateral discussion, regulatory adaptation, international cooperation, and deterrence signalling. No single mechanism is sufficient; their cumulative effect shapes the evolving governance landscape.
Status assessments (applicable, contested, unclear) reflect analytical judgement informed by the cited legal frameworks and publicly available state practice. They are intended as starting points for classroom discussion and policy analysis, not definitive legal opinions.