[Congressional Bills 117th Congress]
[From the U.S. Government Publishing Office]
[S. 2629 Introduced in Senate (IS)]

<DOC>






117th CONGRESS
  1st Session
                                S. 2629

 To establish cybercrime reporting mechanisms, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                             August 5, 2021

 Mr. Schatz (for himself, Mr. Tillis, Mr. Cornyn, and Mr. Blumenthal) 
introduced the following bill; which was read twice and referred to the 
                       Committee on the Judiciary

_______________________________________________________________________

                                 A BILL


 
 To establish cybercrime reporting mechanisms, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Better Cybercrime Metrics Act''.

SEC. 2. FINDINGS.

    Congress finds the following:
            (1) Public polling indicates that cybercrime could be the 
        most common crime in the United States.
            (2) The United States lacks comprehensive cybercrime data 
        and monitoring, leaving the country less prepared to combat 
        cybercrime that threatens national and economic security.
            (3) In addition to existing cybercrime vulnerabilities, the 
        people of the United States and the United States have faced a 
        heightened risk of cybercrime during the COVID-19 pandemic.
            (4) Subsection (c) of the Uniform Federal Crime Reporting 
        Act of 1988 (34 U.S.C. 41303(c)) requires the Attorney General 
        to ``acquire, collect, classify, and preserve national data on 
        Federal criminal offenses as part of the Uniform Crime 
        Reports'' and requires all Federal departments and agencies 
        that investigate criminal activity to ``report details about 
        crime within their respective jurisdiction to the Attorney 
        General in a uniform matter and on a form prescribed by the 
        Attorney General''.

SEC. 3. CYBERCRIME TAXONOMY.

    (a) In General.--Not later than 90 days after the date of enactment 
of this Act, the Attorney General shall seek to enter into an agreement 
with the National Academy of Sciences to develop a taxonomy for the 
purpose of categorizing different types of cybercrime and cyber-enabled 
crime faced by individuals and businesses.
    (b) Development.--In developing the taxonomy under subsection (a), 
the National Academy of Sciences shall--
            (1) ensure the taxonomy is useful for the Federal Bureau of 
        Investigation to classify cybercrime in the National Incident-
        Based Reporting System, or any successor system;
            (2) consult relevant stakeholders, including--
                    (A) the Cybersecurity and Infrastructure Security 
                Agency of the Department of Homeland Security;
                    (B) Federal, State, and local law enforcement 
                agencies;
                    (C) criminologists and academics;
                    (D) cybercrime experts; and
                    (E) business leaders; and
            (3) take into consideration relevant taxonomies developed 
        by non-governmental organizations, international organizations, 
        academies, or other entities.
    (c) Report.--Not later than 1 year after the date on which the 
Attorney General enters into an agreement under subsection (a), the 
National Academy of Sciences shall submit to the appropriate committees 
of Congress a report detailing and summarizing--
            (1) the taxonomy developed under subsection (a); and
            (2) any findings from the process of developing the 
        taxonomy under subsection (a).
    (d) Authorization of Appropriations.--There are authorized to be 
appropriated to carry out this section $1,000,000.

SEC. 4. CYBERCRIME REPORTING.

    (a) In General.--Not later than 2 years after the date of enactment 
of this Act, the Attorney General shall establish a category in the 
National Incident-Based Reporting System, or any successor system, for 
the collection of cybercrime and cyber-enabled crime reports from 
Federal, State, and local officials.
    (b) Recommendations.--In establishing the category required under 
subsection (a), the Attorney General shall, as appropriate, incorporate 
recommendations from the taxonomy developed under section 3(a).

SEC. 5. NATIONAL CRIME VICTIMIZATION SURVEY.

    (a) In General.--Not later than 540 days after the date of 
enactment of this Act, the Director of the Bureau of Justice 
Statistics, in coordination with the Director of the Bureau of the 
Census, shall include questions relating to cybercrime victimization in 
the National Crime Victimization Survey.
    (b) Authorization of Appropriations.--There are authorized to be 
appropriated to carry out this section $2,000,000.

SEC. 6. GAO STUDY ON CYBERCRIME METRICS.

    Not later than 180 days after the date of enactment of this Act, 
the Comptroller General of the United States shall submit to Congress a 
report that assesses--
            (1) the effectiveness of reporting mechanisms for 
        cybercrime and cyber-enabled crime in the United States; and
            (2) disparities in reporting data between--
                    (A) data relating to cybercrime and cyber-enabled 
                crime; and
                    (B) other types of crime data.
                                 <all>