Records of Critical Cyber Attacks (ROCCA) is a structured, open-source database that systematically records critical cyber incidents conducted by state and non-state actors. Unlike general cyber incident datasets, ROCCA focuses exclusively on incidents planned to produce significant societal, political, or economic impact. These include strategic cyberattacks and operations, disruptive and destructive attacks targeting critical infrastructure, and cyber operations linked to geopolitical competition, conflict, or financially or politically motivated non-state actors. The dataset covers incidents from 2005 onward and is continuously updated.

The dataset is designed to support quantitative policy analysis, attribution research, and geopolitical risk modeling. It draws from publicly available incident records—including Center for Strategic and International Studies (CSIS)’s Significant Cyber Incident list as an initial reference point—and extends them through a multi-stage automated enrichment pipeline. Center for Strategic and International Studies (CSIS) data serves as a seed reference only; all analytical outputs reflect the independently constructed Orion Policy Institute dataset.