OPI-ROCCA DATASET

ROCCA Dashboard

Records of Critical Cyber Attacks

A curated dataset of critical cyber attacks against governments, infrastructure, and industry. ROCCA tracks threat actors, targets, attack methods, and outcomes across 711 core incidents and 954 extended records, coded and reviewed by Orion Policy Institute researchers.

Public tier is free and open. Private tier is granted on request.

ROCCA-0347
PUBLIC RECORD
Target sectorEnergy infrastructure
Attack typeRansomware
Threat actorState-linked group
Year2024
ROCCA-0712
PRIVATE RECORD
Attribution notes 
Source list 
Confidence score 
TTP detail 
The private dashboard is a comprehensive superset of the public version, offering significantly higher analytical depth

711

Core incidents

954

Extended records

40+

Coded variables per record

Monthly

Update cycle

INSIDE THE DASHBOARD

What the Dashboard Shows

The public dashboard gives open access to the ROCCA core dataset with interactive filtering, incident timelines, and per-record detail cards. No registration required.

FILTER

Actor, sector, and method

Slice the dataset by threat actor, target sector, and attack type in one view.

TIMELINE

Incidents over time

Follow critical attacks from the earliest records to the present, updated monthly.

DETAIL

Per-incident record cards

Open any incident for its coded fields: target, method, impact, and actor type.

ACCESS TIERS

Public vs. Private Access

The public tier covers the core dataset and is open to everyone. The private tier adds the full extended dataset, source documentation, and export tools for approved users.

Feature Public Dashboard Private Dashboard
Incident coverage Core dataset (711 incidents) Full dataset (954 records)
Variables per incident Summary fields All coded variables, incl. attribution confidence and source notes
Threat actor profiles Group name and type Full profiles with linked incidents and TTPs
Data export Not available CSV export of filtered views
Update frequency Monthly Monthly, with early access to new records
Source documentation Per-incident source list
Cost Free, no registration Free, approval required

Private access is granted to academic researchers, government and policy analysts, and journalists. Requests are reviewed individually.

PRIVATE TIER

Request Private Dashboard Access

We have developed a dashboard for the OPI-ROCCA with two access levels: a public version and a private version. The public dashboard provides general information and selected data for broader use.

The private dashboard includes additional information, restricted data, or internal features that are only available to approved users.

If you would like to request access to the private version of the dashboard, please complete the form. Your request will be reviewed, and access will be granted accordingly.

01Submit the request form with your intended use.
02Our research team reviews requests within 5 business days.
03Approved users receive credentials and the codebook by email.

Your information is used only to review this request and is handled under our Privacy Policy. Requests are reviewed within 5 business days.

HOW THE DATA IS BUILT

Methodology and Citation

Records of Critical Cyber Attacks (ROCCA) is a structured, open-source database that systematically records critical cyber incidents conducted by state and non-state actors.

Orion Policy Institute. (2026). OPI-ROCCA: Records of Critical Cyber Attacks [Dataset]. https://orionpolicy.org/records-of-critical-cyber-attacks-project/

QUESTIONS

Frequently Asked Questions

Yes. The public dashboard is open to everyone, with no registration required.

Academic researchers, government and policy analysts, and journalists. Each request is reviewed individually.

Requests are reviewed within 5 business days. Approved users receive credentials by email.

Yes. Public dashboard data may be cited freely using the suggested citation format. Private-tier data use is subject to the terms shared upon approval.