Public Law 117-116 passed May 05, 2022

Better Cybercrime Metrics Act

Findings

• Public polling indicates that cybercrime could be the most common crime in the United States.

• The United States lacks comprehensive cybercrime data and monitoring, leaving the country vulnerable to cybercrime that threatens national and economic security.

• The people of the United States have faced heightened risk of cybercrime during the COVID-19 pandemic.

• Under the Uniform Federal Crime Reporting Act of 1988 requires the Attorney General to “acquire, collect, classify, and preserve national data on Federal criminal offenses as part of the Uniform Crime Reports” and all Federal departments and agencies that investigate criminal activity to “report details about crime within their respective jurisdiction to the Attorney General in a uniform matter and on a form prescribed by the Attorney General.”

Cybercrime Taxonomy

No later than 90 days after the enactment of this Act, the Attorney General shall enter into an agreement with the National Academy of Sciences to develop a taxonomy for the purpose of categorizing different types of cybercrime and cyber-enabled crime face by individuals and businesses.

The National Academy of Sciences shall-

• Ensure the taxonomy is useful for the Federal Bureau of Investigation (FBI) to classify cybercrime in the National Incident Based Reporting System (NIBRS)

• Consult stakeholders including

• Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security

• Federal, State, and local law enforcement agencies

• Criminologists and academics

• Cybercrime experts

• Business leaders

• Consideration relevant taxonomies developed by non-governmental organizations (NGO), International organizations, academics, or others

• No later than 1 year of the Attorney General enters into an agreement, the National Academy of Sciences shall submit a report detailing and summarizing

• The taxonomy developed and

• Any findings from the process of developing the taxonomy

• Authorized to be appropriated $ 1 million.

Cybercrime Reporting

No later than 2 years after the enactment of this Act, the Attorney General shall establish a category in the National Incident-Based Reporting System, for the collection of cybercrime and cyber-enabled crime reports from Federal, State and local officials.

National Crime Victimization Survey

No later than 540 days after the enactment of this Act, the Director of the Bureau of Justice Statistics in coordination with the Director of the Bureau of the Census shall include questions relating to cybercrime victimization in the National Crime Victimization Survey. Authorized to be appropriated $2 million.

GAO Study on Cybercrime Metrics

No later than 180 days after the enactment of this Act, the Comptroller General of the United States shall submit a report that assesses-

• The effectiveness of reporting mechanisms for cybercrime and cyber-enabled crime in the United States

• Disparities in reporting data between

• Data relating to cybercrime and cyber-enabled crime

• Other types of crime data