The U.S. is poised to gain improved visibility into cybercriminal activity.
The Better Cybercrime Metrics Act authored by U.S. Senator Brian Schatz (D-Hawaii) passed the House in a bipartisan 377-48 vote on Tuesday, March 29. The bill passed the Senate in December and is expected to be signed into law by the President. Those 48 votes opposed to the bill were all cast by Republicans.
Senator Schatz said in a release, "Our bipartisan bill will give us the data we need to go after criminals and support victims of cybercrime."
The FBI estimates that cybercrime affects 300,000 to 700,000 victims each year. Unfortunately, the numbers are likely even higher, as until now there have been no comprehensive metrics on the scale and impact of cybercrime in the United States -- or on law enforcement efforts against them.
Better Cybercrime Metrics Acts: The Most Important Points
The Better Cybercrime Metrics Act will:
- require the FBI to report metrics on cybercrime and cyber-enabled crime categories, just as they do for other types of property crime;
- encourage local and federal law enforcement agencies to report incidents of cybercrime in their jurisdictions to the FBI;
- authorize a study at the National Academies of Science to create a taxonomy for cybercrime incidents in consultation with federal, state, local, and tribal stakeholders; criminologists; and business leaders that would inform the FBI’s reporting of cybercrime and cyber-enabled crime; and
- require the Bureau of Justice Statistics at the Department of Justice and the Census Bureau to include questions related to cybercrime and cyber-enabled crime as part of its annual National Crime Victimization Survey.
“It is critical that cybercrime is counted in a systematic and complete manner," said Los Angeles Police Commissioner and former U.S. Attorney Eileen M. Decker. "Comprehensive cybercrime data will help ensure robust training and increased resources to law enforcement to investigate cybercrimes, and improved public awareness about the pervasiveness of the cybercrime problem. This bill is an important step to achieving these goals.”
Passage of the Cybercrime Metrics Act came on the heels of the Cyber Incident Reporting for Critical Infrastructure Act of 2022, signed into law by President Biden on March 15, 2022.
The Act compels "covered entities" in a "critical infrastructure sector" to report to the Cybersecurity and Infrastructure Security Agency within 24 hours of either making a ransomware payment, or within 72 hours of reasonably believing that it experienced a "substantial cyber incident."
"Our nation is under constant attack from cyber criminals, and, with a range of new threats emanating from adversaries around the world -- including the Russian Federation -- Congress has an obligation to move legislation forward that can better protect the American people, their data, their finances, and their personal information," said. Rep. Abigail Spanberger (D-Va.), who sponsored the bill, following the passage of the bill on the House floor.