WASHINGTON, D.C. — U.S. Representative Abigail Spanberger today announced that she is leading the introduction of a bipartisan, bicameral bill to improve the federal government’s understanding, measurement, and tracking of cybercrime.
The federal government currently lacks an effective system to measure cybercrime. In 2018, a nonpartisan study from Gallup found that nearly one in four U.S. households were a victim of cybercrime — making it the most common crime in America. However, the large majority of these crimes are not properly reported or tracked — and in many cases, these incidents are not measured at all. By some estimates, the Federal Bureau of Investigation (FBI) only collects about one in 90 of all cybercrime incidents in its Internet Crime Complaint Center (IC3) database.
The bipartisan Better Cybercrime Metrics Act would improve how the federal government tracks, measures, analyzes, and prosecutes cybercrime. By starting the process of building an effective system to delineate and track cybercrime incidents, this legislation would allow U.S. law enforcement agencies to better identify cyberthreats, prevent attacks, and prosecute perpetrators.
Companion legislation is led in the U.S. Senate by U.S. Senator Brian Schatz (D-HI). Additional U.S. Senate cosponsors on the legislation are Thom Tillis (R-NC), John Cornyn (R-TX), and Richard Blumenthal (D-CT).
“Cybercrime is increasingly putting American families, businesses, and government agencies at serious risk. But for too long, our government has been woefully unprepared for the next generation of cyberattacks. Complacency with respect to our cybercrime classification system could jeopardize public safety, our ability to compete in the global economy, and even our national security,” said Spanberger, a former CIA case officer and former federal agent. “Our nation’s crime classification system is out-of-date — and the Better Cybercrime Metrics Act takes commonsense steps to improve our cybercrime metrics, anticipate future trends, and make sure law enforcement agencies have the tools and resources they need. I am proud to lead the introduction of this bipartisan, bicameral legislation — because this bill would help prevent more Americans from becoming targets and victims online.”
Spanberger is introducing the bill alongside U.S. Representatives Blake Moore (R-UT-01), Andrew Garbarino (R-NY-02), and Sheila Jackson Lee (D-TX-18).
“Acts of identity theft, fraud, espionage, and other types of victimization perpetrated online cause extensive harm to individuals, businesses, and government agencies. In order to do more to counter cyber threats, we need better data concerning the incidence of these types of crimes,” said Jackson Lee, Chairwoman of the U.S. House Judiciary Committee’s Subcommittee on Crime, Terrorism, and Homeland Security. “That is why I am pleased to join my colleagues in introducing the Better Cybercrime Metrics Act, a bill to require the reporting of information to assist us in preventing further victimization, which is an important focus of my Subcommittee on Crime, Terrorism, and Homeland Security.”
“This Better Cybercrime Metrics Act is a critical first step in helping both government and private industry better understand and address the growing challenge of cybercrime and attacks to our cybersecurity. Aggression we see from cyber criminals and adversaries requires a new era of reporting and collaboration between private and public industry,” said Moore. “I am proud to join my friends, Rep. Abigail Spanberger (D-VA), Rep. Sheila Jackson Lee (D-TX), and Rep. Andrew Garbarino (R-NY), in pursuing commonsense cybersecurity policy that equips our law enforcement and cyber warriors to better understand the scope of the cybercrime challenge. America’s public safety and cyber superiority is on the line, and now is the time to act.”
“Cybercrime is rampant, but despite the rising number of attacks affecting Americans, we do not have a clear picture of the full scope of the problem,” said Garbarino. “I am proud to join Congresswoman Spanberger in introducing this bipartisan legislation to help improve tracking and reporting as it relates to cybercrime. We need to utilize every tool at our disposal, especially those offered by CISA and the rest of the Federal government, to fight back against what is one of the greatest threats of our time.”
“Increased and improved cybercrime data collection is a necessity,” said Robert Burda, Interim CEO & Chief Strategy Officer, Cybercrime Support Network (CSN). “By better understanding the size and scope of cybercrime in the United States, our law enforcement officers, policy makers, and CSN will be able to more effectively serve individuals and small businesses impacted by cybercrime.”
“It is critical that cybercrime is counted in a systematic and complete manner. Victims of cybercrime, particularly vulnerable victims such as minors, stalking victims, and the elderly, deserve to have those crimes counted and the public deserves to know the nature and extent of cybercrime in our society,” said Eileen M. Decker, Lecturer, USC Gould Law School; former U.S. Attorney; Police Commissioner. “Comprehensive cybercrime data will help ensure robust training and increased resources to law enforcement to investigate cybercrimes, and improved public awareness about the pervasiveness of the cybercrime problem. This bill is an important step to achieving these goals.”
“Cybercrime is pervasive and pernicious, having a negative impact on individuals and communities throughout the United States. The first step in combating the hard problem of cybercrime, like all hard problem, is having a clear, concise, and consistent understanding of cybercrime among all those impacted and those who will face the problem,” said Glen Gainer, President, National White Collar Crime Center (NW3C). “NW3C appreciates the efforts of Congresswoman Spanberger in introducing this bill.”
“Proliferation of technology and data in many aspects of daily life means that most crime has expanded to include a cyber component. Technology is not only the target, it is the tool, the location for critical evidence, as well as source of contraband. This reality begs for uniform national reporting of any crime with a technology nexus,” said Jim Emerson, Vice President, NW3C; and Chairman, International Association of Chiefs of Police Computer Crime and Digital Evidence Committee. “I appreciate the work of Congresswoman Spanberger to bring this bill forward.”
“As a retired state-level cybercrime investigator and current instructor of those who currently investigate and prosecute these offenses, I have an appreciation for the breadth and depth of the complex challenges these criminal justice practitioners face daily. It is not possible to combat cybercrime until it is fully and consistently understood,” said Chuck Cohen, Vice President, NW3C; retired police captain; & professor of criminal justice. “I appreciate that Congresswoman Spanberger understands the challenge and is bringing this bill forward.”
Specifically, the Better Cybercrime Metrics Act would improve federal cybercrime metrics by:
- Requiring the Government Accountability Office to report on the effectiveness of current cybercrime mechanisms and highlight disparities in reporting data between cybercrime data and other types of crime data,
- Requiring that the National Crime Victimization Survey incorporate questions related to cybercrime in its survey instrument,
- Requiring the U.S. Department of Justice to contract with the National Academy of Sciences to develop a taxonomy for cybercrime that can be used by law enforcement, and
- Ensuring that the National Incident Based Reporting System — or any successor system — include cybercrime reports from federal, state, and local officials.
The Uniform Crime Reporting Act of 1988 requires all federal law enforcement agencies to report crime data through the FBI. However, federal agencies like the FBI and Secret Service — which often have jurisdiction over crimes within the broader definition of cybercrime — are not consistently reporting these numbers into the federal systems. State and local law enforcement reporting on cybercrime is also limited and inconsistently reported to federal agencies.
This lack of detailed, consistent systems for collecting and categorizing data on cybercrime is an impediment to understanding the scope of the problem — thus impairing law enforcement’s ability to protect against cybercrime.