Tackling The Out Of Control Threat From Cybercrime

Portions courtesy of THE HILL

When you turn on the TV or read the newspaper, it’s hard to ignore the headlines: “Colonial Pipeline a Victim of Massive Ransomware Attack.” “50 Million People Affected by T-Mobile Data Breach.” “Hackers Exploit SolarWinds to Spy on U.S. Government Agencies.”

These major attacks represent a serious threat to our economy and our national security. After the Colonial Pipeline attack impacted thousands of our neighbors in Central Virginia, I was adamant about how our government must vastly improve its efforts to undercut the activity of hackers, protect critical infrastructure, and strengthen our cybercrime prevention efforts.

But the story of cybercrime in 2021 goes far beyond these news-making cyberattacks — it extends into our communities, our neighborhoods, and our homes.

If you are a family banking online, a business managing your employees’ payroll information, or a senior accessing federal benefits on the internet, you are no stranger to thinking about how a cyber breach or attack could affect you. Even worse, you might already be one of the millions of Americans whose personal data has been compromised, money or identity stolen, or safety put at risk.

In 2018, Gallup found that nearly one in four U.S. households has been a victim of cybercrime — making it the most common crime in America. To confront cybercriminals and their enablers, we need to have a better understanding of these incidents. However, many of these cases — a vast majority of these crimes — are not properly reported or tracked by law enforcement. Often, they are not measured at all.

By some estimates, the Federal Bureau of Investigation (FBI) may only collect about one in 90 of all cybercrime incidents in its Internet Crime Complaint Center (IC3) database. The lack of information about cyber and cyber-enabled crime is divorced from what Americans are actually facing on a day-to-day basis — an increased risk of cybercrime. What’s more, these crimes are rising at an alarming rate.

Compounding this challenge is the fact that federal, state, and local governments do not have a comprehensive, effective system to measure cybercrime. In 2021 — decades after the dawn of the internet age — we remain woefully unprepared to prevent or respond to the next generation of cyberattacks.

Accountability for these crimes — and protection against them — can’t fully take shape until we have a clear picture of the current state of play. For this reason, we need to take real steps to improve how we track, measure, analyze, and prosecute cybercrime.

Earlier this month, I introduced the bipartisan Better Cybercrime Metrics Act, which would allow our federal government and law enforcement to better track and identify cybercrime, prevent attacks, and go after perpetrators. This bill would strengthen our understanding and our defenses against the phishing attempts, extortion, ransomware, and identity theft that are plaguing everyday Americans.

As a former federal law enforcement agent, I understand that local and state police and sheriff’s departments are often strained for resources and time. And as a former CIA case officer, I recognize the importance of gathering as much information as possible about potential threats — so that we can prevent attacks on American citizens and American businesses.

If signed into law, the Better Cybercrime Metrics Act would improve our cybercrime metrics, anticipate future trends, and make sure law enforcement has the tools and resources they need.

Our bill would require federal reporting on the effectiveness of current cybercrime mechanisms and highlight disparities in reporting data between cybercrime data and other types of crime data.

Additionally, it would require the National Crime Victimization Survey to ask questions related to cybercrime in its surveys — and it would make sure that the FBI’s National Incident-Based Reporting System include cybercrime reports from federal, state, and local officials.

Notably, our bill would also require the U.S. Department of Justice to contract with the National Academy of Sciences to develop a standard taxonomy for cybercrime. These metrics could be used by law enforcement across the board.

I was proud to introduce this legislation alongside my colleagues U.S. Reps. Blake Moore (R-Utah), Andrew Garbarino (R-N.Y.), and Sheila Jackson Lee (D-Texas). Clearly, there is consensus for these reforms and protections across the political spectrum.

In the Senate, a companion bill is being led by Sen. Brian Schatz (D-Hawaii). Joining him are Thom Tillis (R-N.C.), John Cornyn (R-Texas), and Richard Blumenthal (D-Conn.). I am proud to have their partnership on this important, bicameral effort.

The Better Cybercrime Metrics Act

Spanberger, Moore, Jackson Lee, & Garbarino to Introduce Bipartisan, Bicameral Legislation to Stand Up to Cyber Criminals, Improve Federal Tracking of Cybercrime

A 2018 Gallup Study Found that Nearly 25 Percent of All U.S. Households Have Been Victims of Cybercrime

WASHINGTON, D.C. —  U.S. Representative Abigail Spanberger today announced that she is leading the introduction of a bipartisan, bicameral bill to improve the federal government’s understanding, measurement, and tracking of cybercrime.

The federal government currently lacks an effective system to measure cybercrime. In 2018, a nonpartisan study from Gallup found that nearly one in four U.S. households were a victim of cybercrime — making it the most common crime in America. However, the large majority of these crimes are not properly reported or tracked — and in many cases, these incidents are not measured at all. By some estimates, the Federal Bureau of Investigation (FBI) only collects about one in 90 of all cybercrime incidents in its Internet Crime Complaint Center (IC3) database.

The bipartisan Better Cybercrime Metrics Act would improve how the federal government tracks, measures, analyzes, and prosecutes cybercrime. By starting the process of building an effective system to delineate and track cybercrime incidents, this legislation would allow U.S. law enforcement agencies to better identify cyberthreats, prevent attacks, and prosecute perpetrators.

Companion legislation is led in the U.S. Senate by U.S. Senator Brian Schatz (D-HI). Additional U.S. Senate cosponsors on the legislation are Thom Tillis (R-NC), John Cornyn (R-TX), and Richard Blumenthal (D-CT).

“Cybercrime is increasingly putting American families, businesses, and government agencies at serious risk. But for too long, our government has been woefully unprepared for the next generation of cyberattacks. Complacency with respect to our cybercrime classification system could jeopardize public safety, our ability to compete in the global economy, and even our national security,” said Spanberger, a former CIA case officer and former federal agent. “Our nation’s crime classification system is out-of-date — and the Better Cybercrime Metrics Act takes commonsense steps to improve our cybercrime metrics, anticipate future trends, and make sure law enforcement agencies have the tools and resources they need. I am proud to lead the introduction of this bipartisan, bicameral legislation — because this bill would help prevent more Americans from becoming targets and victims online.”

Spanberger is introducing the bill alongside U.S. Representatives Blake Moore (R-UT-01), Andrew Garbarino (R-NY-02), and Sheila Jackson Lee (D-TX-18).

“Acts of identity theft, fraud, espionage, and other types of victimization perpetrated online cause extensive harm to individuals, businesses, and government agencies. In order to do more to counter cyber threats, we need better data concerning the incidence of these types of crimes,” said Jackson Lee, Chairwoman of the U.S. House Judiciary Committee’s Subcommittee on Crime, Terrorism, and Homeland Security. “That is why I am pleased to join my colleagues in introducing the Better Cybercrime Metrics Act, a bill to require the reporting of information to assist us in preventing further victimization, which is an important focus of my Subcommittee on Crime, Terrorism, and Homeland Security.”

“This Better Cybercrime Metrics Act is a critical first step in helping both government and private industry better understand and address the growing challenge of cybercrime and attacks to our cybersecurity. Aggression we see from cyber criminals and adversaries requires a new era of reporting and collaboration between private and public industry,” said Moore. “I am proud to join my friends, Rep. Abigail Spanberger (D-VA), Rep. Sheila Jackson Lee (D-TX), and Rep. Andrew Garbarino (R-NY), in pursuing commonsense cybersecurity policy that equips our law enforcement and cyber warriors to better understand the scope of the cybercrime challenge. America’s public safety and cyber superiority is on the line, and now is the time to act.”

“Cybercrime is rampant, but despite the rising number of attacks affecting Americans, we do not have a clear picture of the full scope of the problem,” said Garbarino. “I am proud to join Congresswoman Spanberger in introducing this bipartisan legislation to help improve tracking and reporting as it relates to cybercrime. We need to utilize every tool at our disposal, especially those offered by CISA and the rest of the Federal government, to fight back against what is one of the greatest threats of our time.”

“Increased and improved cybercrime data collection is a necessity,” said Robert Burda, Interim CEO & Chief Strategy Officer, Cybercrime Support Network (CSN). “By better understanding the size and scope of cybercrime in the United States, our law enforcement officers, policy makers, and CSN will be able to more effectively serve individuals and small businesses impacted by cybercrime.”

“It is critical that cybercrime is counted in a systematic and complete manner.  Victims of cybercrime, particularly vulnerable victims such as minors, stalking victims, and the elderly, deserve to have those crimes counted and the public deserves to know the nature and extent of cybercrime in our society,” said Eileen M. Decker, Lecturer, USC Gould Law School; former U.S. Attorney; Police Commissioner. “Comprehensive cybercrime data will help ensure robust training and increased resources to law enforcement to investigate cybercrimes, and improved public awareness about the pervasiveness of the cybercrime problem. This bill is an important step to achieving these goals.”

“Cybercrime is pervasive and pernicious, having a negative impact on individuals and communities throughout the United States. The first step in combating the hard problem of cybercrime, like all hard problem, is having a clear, concise, and consistent understanding of cybercrime among all those impacted and those who will face the problem,” said Glen Gainer, President, National White Collar Crime Center (NW3C). “NW3C appreciates the efforts of Congresswoman Spanberger in introducing this bill.”

“Proliferation of technology and data in many aspects of daily life means that most crime has expanded to include a cyber component. Technology is not only the target, it is the tool, the location for critical evidence, as well as source of contraband. This reality begs for uniform national reporting of any crime with a technology nexus,” said Jim Emerson, Vice President, NW3C; and Chairman, International Association of Chiefs of Police Computer Crime and Digital Evidence Committee. “I appreciate the work of Congresswoman Spanberger to bring this bill forward.”

“As a retired state-level cybercrime investigator and current instructor of those who currently investigate and prosecute these offenses, I have an appreciation for the breadth and depth of the complex challenges these criminal justice practitioners face daily. It is not possible to combat cybercrime until it is fully and consistently understood,” said Chuck Cohen, Vice President, NW3C; retired police captain; & professor of criminal justice. “I appreciate that Congresswoman Spanberger understands the challenge and is bringing this bill forward.”

Specifically, the Better Cybercrime Metrics Act would improve federal cybercrime metrics by:

Requiring the Government Accountability Office to report on the effectiveness of current cybercrime mechanisms and highlight disparities in reporting data between cybercrime data and other types of crime data,
Requiring that the National Crime Victimization Survey incorporate questions related to cybercrime in its survey instrument,
Requiring the U.S. Department of Justice to contract with the National Academy of Sciences to develop a taxonomy for cybercrime that can be used by law enforcement, and
Ensuring that the National Incident Based Reporting System — or any successor system — include cybercrime reports from federal, state, and local officials.
BACKGROUND

The Uniform Crime Reporting Act of 1988 requires all federal law enforcement agencies to report crime data through the FBI. However, federal agencies like the FBI and Secret Service — which often have jurisdiction over crimes within the broader definition of cybercrime — are not consistently reporting these numbers into the federal systems. State and local law enforcement reporting on cybercrime is also limited and inconsistently reported to federal agencies.

This lack of detailed, consistent systems for collecting and categorizing data on cybercrime is an impediment to understanding the scope of the problem — thus impairing law enforcement’s ability to protect against cybercrime.

###

To view the law and its status go here: S. 2629 (IS) – Better Cybercrime Metrics Act – Content Details – BILLS-117s2629is (govinfo.gov)

SCARS Supports This Legislation

SCARS also believes that there needs to be significantly more reporting of cybercrimes and that the reports that are made must be better utilized.

We use our U.S. readers to contact their local Congressperson or Senator to urge them to pass this important legislation.