[Congressional Record Volume 167, Number 211 (Tuesday, December 7, 2021)]
[Senate]
[Pages S8957-S8958]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                     BETTER CYBERCRIME METRICS ACT

  Mr. SCHUMER. Mr. President, I ask unanimous consent that the Senate 
proceed to the immediate consideration of Calendar No. 173, S. 2629.
  The PRESIDING OFFICER. The clerk will report the bill by title.
  The senior assistant legislative clerk read as follows:

       A bill (S. 2629) to establish cybercrime reporting 
     mechanisms, and for other purposes.

  There being no objection, the Senate proceeded to consider the bill.
  Mr. SCHUMER. I further ask that the bill be considered read a third 
time and passed and that the motion to reconsider be considered made 
and laid upon the table with no intervening action or debate.
  The PRESIDING OFFICER. Without objection, it is so ordered.
  The bill (S. 2629) was ordered to be engrossed for a third reading, 
was read the third time, and passed, as follows:

                                S. 2629

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Better Cybercrime Metrics 
     Act''.

     SEC. 2. FINDINGS.

       Congress finds the following:
       (1) Public polling indicates that cybercrime could be the 
     most common crime in the United States.
       (2) The United States lacks comprehensive cybercrime data 
     and monitoring, leaving the country less prepared to combat 
     cybercrime that threatens national and economic security.
       (3) In addition to existing cybercrime vulnerabilities, the 
     people of the United States and the United States have faced 
     a heightened risk of cybercrime during the COVID-19 pandemic.
       (4) Subsection (c) of the Uniform Federal Crime Reporting 
     Act of 1988 (34 U.S.C. 41303(c)) requires the Attorney 
     General to ``acquire, collect, classify, and preserve 
     national data on Federal criminal offenses as part of the 
     Uniform Crime Reports'' and requires all Federal departments 
     and agencies that investigate criminal activity to ``report 
     details about crime within their respective jurisdiction to 
     the Attorney General in a uniform matter and on a form 
     prescribed by the Attorney General''.

     SEC. 3. CYBERCRIME TAXONOMY.

       (a) In General.--Not later than 90 days after the date of 
     enactment of this Act, the Attorney General shall seek to 
     enter into an agreement with the National Academy of Sciences 
     to develop a taxonomy for the purpose of categorizing 
     different types of cybercrime and cyber-enabled crime faced 
     by individuals and businesses.
       (b) Development.--In developing the taxonomy under 
     subsection (a), the National Academy of Sciences shall--
       (1) ensure the taxonomy is useful for the Federal Bureau of 
     Investigation to classify cybercrime in the National 
     Incident-Based Reporting System, or any successor system;
       (2) consult relevant stakeholders, including--
       (A) the Cybersecurity and Infrastructure Security Agency of 
     the Department of Homeland Security;
       (B) Federal, State, and local law enforcement agencies;
       (C) criminologists and academics;

[[Page S8958]]

       (D) cybercrime experts; and
       (E) business leaders; and
       (3) take into consideration relevant taxonomies developed 
     by non-governmental organizations, international 
     organizations, academies, or other entities.
       (c) Report.--Not later than 1 year after the date on which 
     the Attorney General enters into an agreement under 
     subsection (a), the National Academy of Sciences shall submit 
     to the appropriate committees of Congress a report detailing 
     and summarizing--
       (1) the taxonomy developed under subsection (a); and
       (2) any findings from the process of developing the 
     taxonomy under subsection (a).
       (d) Authorization of Appropriations.--There are authorized 
     to be appropriated to carry out this section $1,000,000.

     SEC. 4. CYBERCRIME REPORTING.

       (a) In General.--Not later than 2 years after the date of 
     enactment of this Act, the Attorney General shall establish a 
     category in the National Incident-Based Reporting System, or 
     any successor system, for the collection of cybercrime and 
     cyber-enabled crime reports from Federal, State, and local 
     officials.
       (b) Recommendations.--In establishing the category required 
     under subsection (a), the Attorney General shall, as 
     appropriate, incorporate recommendations from the taxonomy 
     developed under section 3(a).

     SEC. 5. NATIONAL CRIME VICTIMIZATION SURVEY.

       (a) In General.--Not later than 540 days after the date of 
     enactment of this Act, the Director of the Bureau of Justice 
     Statistics, in coordination with the Director of the Bureau 
     of the Census, shall include questions relating to cybercrime 
     victimization in the National Crime Victimization Survey.
       (b) Authorization of Appropriations.--There are authorized 
     to be appropriated to carry out this section $2,000,000.

     SEC. 6. GAO STUDY ON CYBERCRIME METRICS.

       Not later than 180 days after the date of enactment of this 
     Act, the Comptroller General of the United States shall 
     submit to Congress a report that assesses--
       (1) the effectiveness of reporting mechanisms for 
     cybercrime and cyber-enabled crime in the United States; and
       (2) disparities in reporting data between--
       (A) data relating to cybercrime and cyber-enabled crime; 
     and
       (B) other types of crime data.

                          ____________________