THE HILL, REP. ABIGAIL SPANBERGER
When you turn on the TV or read the newspaper, it’s hard to ignore the headlines: “Colonial Pipeline a Victim of Massive Ransomware Attack.” “50 Million People Affected by T-Mobile Data Breach.” “Hackers Exploit SolarWinds to Spy on U.S. Government Agencies.”
These major attacks represent a serious threat to our economy and our national security. After the Colonial Pipeline attack impacted thousands of our neighbors in Central Virginia, I was adamant about how our government must vastly improve its efforts to undercut the activity of hackers, protect critical infrastructure, and strengthen our cybercrime prevention efforts.
But the story of cybercrime in 2021 goes far beyond these news-making cyberattacks — it extends into our communities, our neighborhoods, and our homes.
If you are a family banking online, a business managing your employees’ payroll information, or a senior accessing federal benefits on the internet, you are no stranger to thinking about how a cyber breach or attack could affect you. Even worse, you might already be one of the millions of Americans whose personal data has been compromised, money or identity stolen, or safety put at risk.
In 2018, Gallup found that nearly one in four U.S. households has been a victim of cybercrime — making it the most common crime in America. To confront cybercriminals and their enablers, we need to have a better understanding of these incidents. However, many of these cases — a vast majority of these crimes — are not properly reported or tracked by law enforcement. Often, they are not measured at all.
By some estimates, the Federal Bureau of Investigation (FBI) may only collect about one in 90 of all cybercrime incidents in its Internet Crime Complaint Center (IC3) database. The lack of information about cyber and cyber-enabled crime is divorced from what Americans are actually facing on a day-to-day basis — an increased risk of cybercrime. What’s more, these crimes are rising at an alarming rate.
Compounding this challenge is the fact that federal, state, and local governments do not have a comprehensive, effective system to measure cybercrime. In 2021 — decades after the dawn of the internet age — we remain woefully unprepared to prevent or respond to the next generation of cyberattacks.
Accountability for these crimes — and protection against them — can’t fully take shape until we have a clear picture of the current state of play. For this reason, we need to take real steps to improve how we track, measure, analyze, and prosecute cybercrime.
Earlier this month, I introduced the bipartisan Better Cybercrime Metrics Act, which would allow our federal government and law enforcement to better track and identify cybercrime, prevent attacks, and go after perpetrators. This bill would strengthen our understanding and our defenses against the phishing attempts, extortion, ransomware, and identity theft that are plaguing everyday Americans.
As a former federal law enforcement agent, I understand that local and state police and sheriff’s departments are often strained for resources and time. And as a former CIA case officer, I recognize the importance of gathering as much information as possible about potential threats — so that we can prevent attacks on American citizens and American businesses.
If signed into law, the Better Cybercrime Metrics Act would improve our cybercrime metrics, anticipate future trends, and make sure law enforcement has the tools and resources they need.
Our bill would require federal reporting on the effectiveness of current cybercrime mechanisms and highlight disparities in reporting data between cybercrime data and other types of crime data.
Additionally, it would require the National Crime Victimization Survey to ask questions related to cybercrime in its surveys — and it would make sure that the FBI’s National Incident Based Reporting System include cybercrime reports from federal, state, and local officials.
Notably, our bill would also require the U.S. Department of Justice to contract with the National Academy of Sciences to develop a standard taxonomy for cybercrime. These metrics could be used by law enforcement across the board.
I was proud to introduce this legislation alongside my colleagues U.S. Reps. Blake Moore (R-Utah), Andrew Garbarino (R-N.Y.), and Sheila Jackson Lee (D-Texas). Clearly, there is consensus for these reforms and protections across the political spectrum.
In the Senate, a companion bill is being led by Sen. Brian Schatz (D-Hawaii). Joining him are Thom Tillis (R-N.C.), John Cornyn (R-Texas), and Richard Blumenthal (D-Conn.). I am proud to have their partnership on this important, bicameral effort.
With this legislation and an improved understanding of the threats ahead, we can prevent more Americans from becoming targets — or victims — online.