Better Cybercrime Metrics Act

←

Public Law 117-116
Better Cybercrime Metrics Act
by the 117th Congress of the United States

Pub.L. 117−116, S. 2629, enacted May 5, 2022

→

Note: This is the original legislation as it was initially enacted. Any subsequent amendments hosted on Wikisource may be listed using What Links Here.

4130414Better Cybercrime Metrics Act —

Pub.L. 117−116, S. 2629, enacted May 5, 2022

2022by the 117th Congress of the United States

117^TH UNITED STATES CONGRESS

An Act
To establish cybercrime reporting mechanisms, and for other purposes.

Resolved by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. SHORT TITLE. edit

This Act may be cited as the ‘‘Better Cybercrime Metrics Act’’

SEC. 2. FINDINGS. Congress finds the following: edit

(1) Public polling indicates that cybercrime could be the most common crime in the United States.

(2) The United States lacks comprehensive cybercrime data and monitoring, leaving the country less prepared to combat cybercrime that threatens national and economic security.

(3) In addition to existing cybercrime vulnerabilities, the people of the United States and the United States have faced a heightened risk of cybercrime during the COVID–19 pandemic. (4) Subsection (c) of the Uniform Federal Crime Reporting Act of 1988 (34 U.S.C. 41303(c)) requires the Attorney General to ‘‘acquire, collect, classify, and preserve national data on Federal criminal offenses as part of the Uniform Crime Reports’’ and requires all Federal departments and agencies that investigate criminal activity to ‘‘report details about crime within their respective jurisdiction to the Attorney General in a uniform matter and on a form prescribed by the Attorney General’’

SEC. 3. CYBERCRIME TAXONOMY. edit

(a) IN GENERAL.—Not later than 90 days after the date of enactment of this Act, the Attorney General shall seek to enter into an agreement with the National Academy of Sciences to develop a taxonomy for the purpose of categorizing different types of cybercrime and cyber-enabled crime faced by individuals and businesses.

(b) DEVELOPMENT.—In developing the taxonomy under subsection (a), the National Academy of Sciences shall—

(1) ensure the taxonomy is useful for the Federal Bureau of Investigation to classify cybercrime in the National IncidentBased Reporting System, or any successor system;

(2) consult relevant stakeholders, including—

(A) the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security;

(B) Federal, State, and local law enforcement agencies;

(C) criminologists and academics;

(D) cybercrime experts; and

(E) business leaders; and

(3) take into consideration relevant taxonomies developed by non-governmental organizations, international organizations, academies, or other entities.

(c) REPORT.—Not later than 1 year after the date on which the Attorney General enters into an agreement under subsection (a), the National Academy of Sciences shall submit to the appropriate committees of Congress a report detailing and summarizing—

(1) the taxonomy developed under subsection (a); and

(2) any findings from the process of developing the taxonomy under subsection (a).

(d) AUTHORIZATION OF APPROPRIATIONS.—There are authorized to be appropriated to carry out this section $1,000,000.

SEC. 4. CYBERCRIME REPORTING. edit

(a) IN GENERAL.—Not later than 2 years after the date of enactment of this Act, the Attorney General shall establish a category in the National Incident-Based Reporting System, or any successor system, for the collection of cybercrime and cyber-enabled crime reports from Federal, State, and local officials.

(b) RECOMMENDATIONS.—In establishing the category required under subsection (a), the Attorney General shall, as appropriate, incorporate recommendations from the taxonomy developed under section 3(a).

SEC. 5. NATIONAL CRIME VICTIMIZATION SURVEY. edit

(a) IN GENERAL.—Not later than 540 days after the date of enactment of this Act, the Director of the Bureau of Justice Statistics, in coordination with the Director of the Bureau of the Census, shall include questions relating to cybercrime victimization in the National Crime Victimization Survey.

(b) AUTHORIZATION OF APPROPRIATIONS.—There are authorized to be appropriated to carry out this section $2,000,000.

SEC. 6. GAO STUDY ON CYBERCRIME METRICS. edit

Not later than 180 days after the date of enactment of this Act, the Comptroller General of the United States shall submit to Congress a report that assesses—

(1) the effectiveness of reporting mechanisms for cybercrime and cyber-enabled crime in the United States; and

(2) disparities in reporting data between—

(A) data relating to cybercrime and cyber-enabled crime; and

(B) other types of crime data.

Approved May 5, 2022.

LEGISLATIVE HISTORY edit

S. 2629:

CONGRESSIONAL RECORD:

Vol. 167 (2021): Dec. 7, considered and passed Senate.

Vol. 168 (2022): Mar. 28, 29, considered and passed House

This work is in the public domain in the U.S. because it is an edict of a government, local or foreign. See § 313.6(C)(2) of the Compendium II: Copyright Office Practices. Such documents include "legislative enactments, judicial decisions, administrative rulings, public ordinances, or similar types of official legal materials" as well as "any translation prepared by a government employee acting within the course of his or her official duties."

These do not include works of the Organization of American States, United Nations, or any of the UN specialized agencies. See Compendium III § 313.6(C)(2) and 17 U.S.C. 104(b)(5).

A non-American governmental edict may still be copyrighted outside the U.S. Similar to {{PD-in-USGov}}, the above U.S. Copyright Office Practice does not prevent U.S. states or localities from holding copyright abroad, depending on foreign copyright laws and regulations.

Public domainPublic domainfalsefalse