Cybercrime statistics legislation ready for president’s signature

Written by Tim Starks

For the second time this month, Congress sent President Joe Biden legislation designed to better track cybercrime data.

The House on Tuesday approved a bill which would direct the Department of Justice to collect and measure cybercrime statistics in a number of ways, such as a mandate for the Bureau of Justice Statistics and the US Census Bureau to include questions on cybercrime in the National Survey of Victims of Crime, which counts crimes committed against people 12 and older.

It arrives on Biden’s desk shortly after the president signed another bill that requires critical infrastructure owners and operators to report ransomware payments within 24 hours.

In a floor speech this week calling for passage of the DOJ measures legislation, Representative Abigail Spanberger said cybercrime was the most common crime in the United States.

“Unfortunately, a large majority of these crimes are not properly reported or tracked by law enforcement,” the Virginia Democrat said. “And far too often they are not measured or even documented. And to make matters worse, our government lacks the required preparation to fully tackle the next generation of cybercrime and cyberattacks.

Spanberger, lead sponsor of the House version of the measure, said the Colonial Pipeline ransomware attack that sparked a fuel panic in the United States served as the inspiration to introduce it. The House agreed to strike out the legislation by a vote of 377-48.

“Our government is not prepared to fully tackle the next generation of cybercrime and cyberattacks.”

— Rep. Abigail Spanberger

All 48 “no” votes came from Republicans, despite bipartisan co-sponsorship of the House and Senate versions of the “Better Cybercrime Metrics Act”.

“We don’t have enough information to determine whether this legislation will bring more cybercriminals to justice,” Rep. Cliff Bentz, R-Ore., said this week, then referenced a provision in the legislation that gives to the Government Accountability Office a role. “Why are we making changes to cybercrime reporting mechanisms before the GAO can assess whether existing reporting mechanisms are effective?”

The Cybercrime Support Network, Association of Big City Chiefs, National Fraternal Order of Police, National Association of Police Organizations and National Center for Combating White Collar Crime supported the measure.

The legislation also aligns with a Cyberspace Solarium Commission recommendation that Congress has failed to act to establish an Office of Cyberstatistics this could help assess risks and give decision makers information to better design government programs.