Timeline

All cases plotted chronologically, sized by Unpeace score and coloured by operation type, with international governance milestones overlaid.

EspionageDestructiveRansomwareSabotageInfluence OperationHybrid

2007200820102012201420162018202020222024

First UN GGE consensus report

UN GGE voluntary norms

UN GGE failure to reach consensus

UN OEWG first report

Tallinn Manual 2.0 widely cited

UN OEWG continued mandate

Pattern Analysis

The timeline reveals distinct clustering: a pre-norm period (2007–2014) dominated by pioneering sabotage and espionage operations, a contested period (2015–2019) where governance frameworks emerged alongside increasingly sophisticated attacks, and an escalatory period (2020–present) marked by ransomware industrialisation, wartime cyber operations, and strategic pre-positioning. The 2017 GGE consensus failure correlates with an observable acceleration in destructive operations, suggesting that norm vacuum periods may reduce restraint incentives.