The “Better Cybercrime Metrics Act” Would Improve How the Federal Government Tracks, Measures, Analyzes, & Prosecutes Cybercrime
The Congresswoman’s Legislation is Endorsed by the National Fraternal Order of Police & Several Additional National Law Enforcement Organizations
* *DOWNLOADABLE VIDEO: On Floor of U.S. House, Spanberger Calls for Passage of her Better Cybercrime Metrics Act Ahead of Vote * *
WASHINGTON, D.C. — An overwhelmingly bipartisan majority of the U.S. House of Representatives tonight voted to pass U.S. Rep. Abigail Spanberger’s bipartisan, bicameral bill to improve the federal government’s understanding, measurement, and tracking of cybercrime. The legislation now goes to President Joe Biden’s desk to be signed into law.
Cyber and cyber-enabled crimes continue to rise at an alarming rate — including due to the emergence of scams related to the COVID-19 pandemic, creating billions of dollars of financial losses in addition to serious safety and personal consequences for the American people. However, the federal government currently lacks an effective system to measure cybercrime.
Spanberger’s Better Cybercrime Metrics Act — which passed tonight by a vote of 377 to 48 would improve how the federal government tracks, measures, analyzes, and prosecutes cybercrime. By starting the process of building an effective system to delineate and track cybercrime incidents, her legislation would allow U.S. law enforcement agencies to better identify cyberthreats, prevent attacks, and take on the challenge of cybercrime. Spanberger introduced the bipartisan legislation in August 2021 — and the U.S. Senate passed the companion bill in December 2021.
Ahead of the passage of the legislation, Spanberger spoke on the floor of the U.S. House to discuss how this legislation would protect American consumers, prepare the United States for future cyberthreats, and help hold perpetrators accountable.
Click here to watch her remarks, and a full transcript of her comments is below.
Mister Speaker, I rise today in support of my Better Cybercrime Metrics Act and its companion bill in the United States Senate, S.2629. And I thank the gentlewoman from Texas for that introduction and for her support of this bill since the moment we introduced it.
Our nation is under constant attack from cyber criminals. And with a range of new threats emanating from adversaries around the world — including the Russian Federation, Congress has an obligation to move legislation forward that can better protect the American people, their data, their finances, and their personal information.
Over the last few years, we’ve seen massive rates of cybercrime. Millions of Americans have had their personal data compromised, their money stolen, their identity taken, or their safety put at serious risk. In fact, cybercrime remains the most common crime in America — and this trend was only exacerbated by the pandemic and the many fraudsters looking to scam vulnerable Americans in a moment of crisis or make a quick buck off a global catastrophe.
Unfortunately, a vast majority of these crimes are not properly reported or tracked by law enforcement. And far too often, they are not measured or even documented. And to make matters worse, our government lacks the preparedness required to fully address the next generation of cybercrime and cyberattacks.
Our legislation would give law enforcement agencies the tools they need to better track and identify cybercrime, prevent attacks, and hold perpetrators accountable.
Our bill would require federal reporting on the effectiveness of current cybercrime mechanisms. And it would go one step further — it would also highlight disparities in reporting data between cybercrime data and other types of crime data.
This is such an important step for strengthening our understanding of and our defenses against the phishing attempts, extortion, identity theft, and ransomware attacks that are plaguing everyday Americans in communities across our country. Additionally, our bill would make sure America’s law enforcement is prepared for the next generation of cyberattacks.
Now Mister Speaker — I am a proud former federal law enforcement officer, and I understand that local and state police and sheriff’s departments are often strained for resources. And I know that their time is precious. So, I recognize the importance of having their backs and making sure that we have as much information as possible about potential threats.
This legislation follows through on that commitment. And it’s why I am glad to see it endorsed by several national law enforcement organizations — including the National Fraternal Order of Police, the National Association of Police Organizations, the Major Cities Chiefs Association, and the National White Collar Crime Center — which has a presence in Virginia’s Seventh District.
In fact, this legislation — bipartisan and bicameral — was partially inspired by the attack on the Colonial Pipeline last year, something that impacted many communities across my district.
After thousands of Virginians, their gas tanks, and their wallets were impacted by this disruptive ransomware attack, I was proud to build a bipartisan coalition focused on improving America’s efforts to undercut hackers, protect critical infrastructure, and strengthen existing cybercrime prevention efforts.
I want to thank my colleagues in the U.S. House of Representatives who joined this bipartisan coalition. Thank you to Congressman Blake Moore, Congressman Andrew Garbarino, and Congresswoman Sheila Jackson Lee for your partnership. Clearly, there is still bipartisan consensus for cybersecurity reforms and protections.
I also want to thank our friends across the Capitol complex for ushering the Senate version through the process. Thank you to Senators Schatz, Tillis, Cornyn, and Blumenthal for your cooperation and leadership on this important, bicameral effort.
When our bipartisan bill passes in the House tonight, it will head to the President’s desk to be signed into law. And with the stroke of a pen, we will ensure that our national crime classification system can properly identify cybercrimes and prevent future attacks.
Once our legislation is signed into law, we will be protecting more families who bank online. We will be protecting more businesses who manage their employees’ payroll information over the internet. We will be protecting more seniors who are using the internet to communicate with their loved ones far away or rely on the internet to manage their federal benefits — such as Social Security.
Together, we will thwart cybercriminals. And together, we will prevent more Americans from becoming targets — or victims — online.
Thank you, Mr. Speaker. I yield back.
Several national law enforcement organizations have endorsed Spanberger’s Better Cybercrime Metrics Act — including the National Fraternal Order of Police, Major Cities Chiefs Association (MCCA), National Association of Police Organizations (NAPO), National White Collar Crime Center (NW3C), and Cybercrime Support Network (CSN).
Specifically, Spanberger’s Better Cybercrime Metrics Act would improve federal cybercrime metrics by:
- Requiring the Government Accountability Office to report on the effectiveness of current cybercrime mechanisms and highlight disparities in reporting data between cybercrime data and other types of crime data,
- Requiring that the National Crime Victimization Survey incorporate questions related to cybercrime in its survey instrument,
- Requiring the U.S. Department of Justice to contract with the National Academy of Sciences to develop a taxonomy for cybercrime that can be used by law enforcement, and
- Ensuring that the National Incident Based Reporting System — or any successor system — include cybercrime reports from federal, state, and local officials.
Spanberger’s legislation is cosponsored by U.S. Representatives Blake Moore (R-UT-01), Andrew Garbarino (R-NY-02), Sheila Jackson Lee (D-TX-18), Brian Fitzpatrick (R-PA-01), Ed Case (D-HI-01), David Trone (D-MD-06), Kweisi Mfume (D-MD-07), and Josh Gottheimer (D-NJ-05) — as well as Delegate Eleanor Holmes Norton (D-DC-AL).
The U.S. Senate version of the Better Cybercrime Metrics Act is led by U.S. Senator Brian Schatz (D-HI). Additional U.S. Senate cosponsors on the legislation include U.S. Senators Thom Tillis (R-NC), John Cornyn (R-TX), and Richard Blumenthal (D-CT).
In 2018, a nonpartisan study from Gallup found that nearly one in four U.S. households were a victim of cybercrime — making it the most common crime in America. However, the large majority of these crimes are not properly reported or tracked — and in many cases, these incidents are not measured at all. By some estimates, the Federal Bureau of Investigation (FBI) only collects about one in 90 of all cybercrime incidents in its Internet Crime Complaint Center (IC3) database
The Uniform Crime Reporting Act of 1988 requires all federal law enforcement agencies to report crime data through the FBI. However, federal agencies like the FBI and Secret Service — which often have jurisdiction over crimes within the broader definition of cybercrime — are not consistently reporting these numbers into the federal systems. State and local law enforcement reporting on cybercrime is also limited and inconsistently reported to federal agencies.
This lack of detailed, consistent systems for collecting and categorizing data on cybercrime is an impediment to understanding the scope of the problem — thus impairing law enforcement’s ability to protect against cybercrime.