[Congressional Bills 117th Congress]
[From the U.S. Government Publishing Office]
[S. 2629 Enrolled Bill (ENR)]

        S.2629

                    One Hundred Seventeenth Congress

                                 of the

                        United States of America


                          AT THE SECOND SESSION

           Begun and held at the City of Washington on Monday,
          the third day of January, two thousand and twenty two


                                 An Act


 
  To establish cybercrime reporting mechanisms, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
    This Act may be cited as the ``Better Cybercrime Metrics Act''.
SEC. 2. FINDINGS.
    Congress finds the following:
        (1) Public polling indicates that cybercrime could be the most 
    common crime in the United States.
        (2) The United States lacks comprehensive cybercrime data and 
    monitoring, leaving the country less prepared to combat cybercrime 
    that threatens national and economic security.
        (3) In addition to existing cybercrime vulnerabilities, the 
    people of the United States and the United States have faced a 
    heightened risk of cybercrime during the COVID-19 pandemic.
        (4) Subsection (c) of the Uniform Federal Crime Reporting Act 
    of 1988 (34 U.S.C. 41303(c)) requires the Attorney General to 
    ``acquire, collect, classify, and preserve national data on Federal 
    criminal offenses as part of the Uniform Crime Reports'' and 
    requires all Federal departments and agencies that investigate 
    criminal activity to ``report details about crime within their 
    respective jurisdiction to the Attorney General in a uniform matter 
    and on a form prescribed by the Attorney General''.
SEC. 3. CYBERCRIME TAXONOMY.
    (a) In General.--Not later than 90 days after the date of enactment 
of this Act, the Attorney General shall seek to enter into an agreement 
with the National Academy of Sciences to develop a taxonomy for the 
purpose of categorizing different types of cybercrime and cyber-enabled 
crime faced by individuals and businesses.
    (b) Development.--In developing the taxonomy under subsection (a), 
the National Academy of Sciences shall--
        (1) ensure the taxonomy is useful for the Federal Bureau of 
    Investigation to classify cybercrime in the National Incident-Based 
    Reporting System, or any successor system;
        (2) consult relevant stakeholders, including--
            (A) the Cybersecurity and Infrastructure Security Agency of 
        the Department of Homeland Security;
            (B) Federal, State, and local law enforcement agencies;
            (C) criminologists and academics;
            (D) cybercrime experts; and
            (E) business leaders; and
        (3) take into consideration relevant taxonomies developed by 
    non-governmental organizations, international organizations, 
    academies, or other entities.
    (c) Report.--Not later than 1 year after the date on which the 
Attorney General enters into an agreement under subsection (a), the 
National Academy of Sciences shall submit to the appropriate committees 
of Congress a report detailing and summarizing--
        (1) the taxonomy developed under subsection (a); and
        (2) any findings from the process of developing the taxonomy 
    under subsection (a).
    (d) Authorization of Appropriations.--There are authorized to be 
appropriated to carry out this section $1,000,000.
SEC. 4. CYBERCRIME REPORTING.
    (a) In General.--Not later than 2 years after the date of enactment 
of this Act, the Attorney General shall establish a category in the 
National Incident-Based Reporting System, or any successor system, for 
the collection of cybercrime and cyber-enabled crime reports from 
Federal, State, and local officials.
    (b) Recommendations.--In establishing the category required under 
subsection (a), the Attorney General shall, as appropriate, incorporate 
recommendations from the taxonomy developed under section 3(a).
SEC. 5. NATIONAL CRIME VICTIMIZATION SURVEY.
    (a) In General.--Not later than 540 days after the date of 
enactment of this Act, the Director of the Bureau of Justice 
Statistics, in coordination with the Director of the Bureau of the 
Census, shall include questions relating to cybercrime victimization in 
the National Crime Victimization Survey.
    (b) Authorization of Appropriations.--There are authorized to be 
appropriated to carry out this section $2,000,000.
SEC. 6. GAO STUDY ON CYBERCRIME METRICS.
    Not later than 180 days after the date of enactment of this Act, 
the Comptroller General of the United States shall submit to Congress a 
report that assesses--
        (1) the effectiveness of reporting mechanisms for cybercrime 
    and cyber-enabled crime in the United States; and
        (2) disparities in reporting data between--
            (A) data relating to cybercrime and cyber-enabled crime; 
        and
            (B) other types of crime data.

                               Speaker of the House of Representatives.

                            Vice President of the United States and    
                                               President of the Senate.