[Congressional Record Volume 168, Number 54 (Monday, March 28, 2022)]
[House]
[Pages H3868-H3875]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                     BETTER CYBERCRIME METRICS ACT

  Ms. JACKSON LEE. Mr. Speaker, I move to suspend the rules and pass 
the bill (S. 2629) to establish cybercrime reporting mechanisms, and 
for other purposes.
  The Clerk read the title of the bill.
  The text of the bill is as follows:

                                S. 2629

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Better Cybercrime Metrics 
     Act''.

     SEC. 2. FINDINGS.

       Congress finds the following:
       (1) Public polling indicates that cybercrime could be the 
     most common crime in the United States.
       (2) The United States lacks comprehensive cybercrime data 
     and monitoring, leaving the country less prepared to combat 
     cybercrime that threatens national and economic security.
       (3) In addition to existing cybercrime vulnerabilities, the 
     people of the United

[[Page H3869]]

     States and the United States have faced a heightened risk of 
     cybercrime during the COVID-19 pandemic.
       (4) Subsection (c) of the Uniform Federal Crime Reporting 
     Act of 1988 (34 U.S.C. 41303(c)) requires the Attorney 
     General to ``acquire, collect, classify, and preserve 
     national data on Federal criminal offenses as part of the 
     Uniform Crime Reports'' and requires all Federal departments 
     and agencies that investigate criminal activity to ``report 
     details about crime within their respective jurisdiction to 
     the Attorney General in a uniform matter and on a form 
     prescribed by the Attorney General''.

     SEC. 3. CYBERCRIME TAXONOMY.

       (a) In General.--Not later than 90 days after the date of 
     enactment of this Act, the Attorney General shall seek to 
     enter into an agreement with the National Academy of Sciences 
     to develop a taxonomy for the purpose of categorizing 
     different types of cybercrime and cyber-enabled crime faced 
     by individuals and businesses.
       (b) Development.--In developing the taxonomy under 
     subsection (a), the National Academy of Sciences shall--
       (1) ensure the taxonomy is useful for the Federal Bureau of 
     Investigation to classify cybercrime in the National 
     Incident-Based Reporting System, or any successor system;
       (2) consult relevant stakeholders, including--
       (A) the Cybersecurity and Infrastructure Security Agency of 
     the Department of Homeland Security;
       (B) Federal, State, and local law enforcement agencies;
       (C) criminologists and academics;
       (D) cybercrime experts; and
       (E) business leaders; and
       (3) take into consideration relevant taxonomies developed 
     by non-governmental organizations, international 
     organizations, academies, or other entities.
       (c) Report.--Not later than 1 year after the date on which 
     the Attorney General enters into an agreement under 
     subsection (a), the National Academy of Sciences shall submit 
     to the appropriate committees of Congress a report detailing 
     and summarizing--
       (1) the taxonomy developed under subsection (a); and
       (2) any findings from the process of developing the 
     taxonomy under subsection (a).
       (d) Authorization of Appropriations.--There are authorized 
     to be appropriated to carry out this section $1,000,000.

     SEC. 4. CYBERCRIME REPORTING.

       (a) In General.--Not later than 2 years after the date of 
     enactment of this Act, the Attorney General shall establish a 
     category in the National Incident-Based Reporting System, or 
     any successor system, for the collection of cybercrime and 
     cyber-enabled crime reports from Federal, State, and local 
     officials.
       (b) Recommendations.--In establishing the category required 
     under subsection (a), the Attorney General shall, as 
     appropriate, incorporate recommendations from the taxonomy 
     developed under section 3(a).

     SEC. 5. NATIONAL CRIME VICTIMIZATION SURVEY.

       (a) In General.--Not later than 540 days after the date of 
     enactment of this Act, the Director of the Bureau of Justice 
     Statistics, in coordination with the Director of the Bureau 
     of the Census, shall include questions relating to cybercrime 
     victimization in the National Crime Victimization Survey.
       (b) Authorization of Appropriations.--There are authorized 
     to be appropriated to carry out this section $2,000,000.

     SEC. 6. GAO STUDY ON CYBERCRIME METRICS.

       Not later than 180 days after the date of enactment of this 
     Act, the Comptroller General of the United States shall 
     submit to Congress a report that assesses--
       (1) the effectiveness of reporting mechanisms for 
     cybercrime and cyber-enabled crime in the United States; and
       (2) disparities in reporting data between--
       (A) data relating to cybercrime and cyber-enabled crime; 
     and
       (B) other types of crime data.

  The SPEAKER pro tempore. Pursuant to the rule, the gentlewoman from 
Texas (Ms. Jackson Lee) and the gentleman from Oregon (Mr. Bentz) each 
will control 20 minutes.
  The Chair recognizes the gentlewoman from Texas.


                             General Leave

  Ms. JACKSON LEE. Mr. Speaker, I ask unanimous consent that all 
Members have 5 legislative days to revise and extend their remarks and 
include extraneous materials on S. 2629.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentlewoman from Texas?
  There was no objection.
  Ms. JACKSON LEE. Mr. Speaker, I yield myself such time as I may 
consume.
  Mr. Speaker, I rise in support of S. 2629, the Better Cybercrime 
Metrics Act. This legislation improves our understanding and tracking 
of cybercrime so that we can do more to prevent it.
  A 2018 Gallup Poll found that 1 in 4 Americans had been a victim of 
cybercrime. And I might say that it has exponentially grown during the 
pandemic. From stolen financial information, to system-wide shutdowns, 
to ransomware attacks, these crimes harm our families, our businesses, 
and our government.
  The Council of Economic Advisers estimates that malicious cyber 
activities cost our economy as much as $109 billion in 2016, and 
experts believe these costs are growing. The COVID-19 pandemic has 
increased opportunities for cybercrime with increases in remote work 
and the time people are spending online. Hackers also took advantage of 
our recovery efforts, stealing identities to file fake unemployment 
claims or fraudulent loan applications. And again, in the midst of 
other innocent Americans not being able to secure those dollars, and 
not being able to secure unemployment claims because of the fake 
process that clouded this system.
  Many of the victims of these scams only learned that they were 
attacked when they went to file genuine claims and were told had 
already been submitted using their names or businesses.
  Sadly, cybercriminals often target older Americans. In 2020, people 
over 60 accounted for the most complaints of any age group as collected 
by the FBI Internet Crime Complaint Center. People over 60 also had the 
greatest losses, with over $966 billion lost to cybercrime in 2020.
  We must do more to protect Americans from cybercrime, and that starts 
with a better understanding of what it is and how it occurs. The Better 
Cybercrime Metrics Act will gather experts in law enforcement, 
business, and technology to create a taxonomy of cybercrime so we can 
define it and classify it in a uniform way.
  This legislation also adds cybercrime to two important law 
enforcement tools used to track crimes: The National Incident-Based 
Reporting System and the National Crime Victimization Survey. Together, 
these provisions will ensure that law enforcement has a complete 
picture of when and where cybercrime occurs and who is harmed by it.
  Finally, this bill directs the Government Accountability Office to 
conduct a study on reporting mechanisms for cybercrime and the 
disparities in cybercrime data relative to other types of crime data. 
Together, this legislation will put in place the tools to clearly 
define and classify cybercrime, to track cybercrime, and to better 
understand this serious threat.
  Mr. Speaker, it is a very serious threat. And in addition to the 
monetary damages, people have been personally and psychologically 
impacted by losses, by lack of employability, by being rejected, for 
some of these claims having to be delayed when the individual who needs 
it is desperate and experiencing a desperate economic condition, to 
find that they have been, in essence, gamed by a cybercriminal. We must 
stop this.
  And as I said earlier, one of the most vulnerable populations are 
individuals over 60. And really when you find those in their seventies, 
eighties, nineties, who have lived their lives, supported this Nation, 
and become victims of cybercrime, it is something that compels you to 
really want to stop this threat.
  I commend Senators Brian Schatz and Thom Tillis for their work on 
this bipartisan legislation. I also thank Representative Abigail 
Spanberger for her leadership on the House companion to this bill. I 
was proud to stand with her in introducing the House companion, along 
with our Republican colleagues, Representative Blake Moore and 
Representative  Andrew Garbarino.
  We must give law enforcement the tools to keep pace with new 
technology and to get a step ahead of the threats faced by our ever-
evolving world. This bill takes an important step in that effort, and I 
urge my colleagues to support it.
  Mr. Speaker, I reserve the balance of my time.

[[Page H3870]]

  


                           Memorandum Excerpt

     To: Members of the House Judiciary Committee
     From: The Honorable Jerrold Nadler, Chairman, Committee on 
         the Judiciary
     Re: Markup of H.R. 4977, the ``Better Cybercrime Metrics 
         Act''; H.R. 55, the ``Emmett Till Antilynching Act''; 
         H.R. 5338, the ``Radiation Exposure Compensation Act 
         Amendments of 2021''; and H.R. 5796, the ``Patents for 
         Humanity Act of 2021''
     Date: Tuesday, December 7, 2021
       On Wednesday, December 8, 2021 at 10:00 a.m. in 2141 
     Rayburn House Office Building, the House Judiciary Committee 
     will mark up the following measures: H.R. 3359, the 
     ``Homicide Victims' Families' Rights Act of 2021''; H.R. 
     4977, the ``Better Cybercrime Metrics Act''; H.R. 55, the 
     ``Emmett Till Antilynching Act''; H.R. 5338, the ``Radiation 
     Exposure Compensation Act Amendments of 2021''; and H.R. 
     5796, the ``Patents for Humanity Act of 2021''.


          II. H.R. 4977, the ``Better Cybercrime Metrics Act''

       H.R. 4977, the ``Better Cybercrime Metrics Act'' would 
     improve the U.S. government's understanding, measurement, and 
     tracking of cybercrime. The bill would direct the Department 
     of Justice to work with the National Academy of Sciences, in 
     consultation with relevant stakeholders, to develop a 
     taxonomy of cybercrime that could be used by law enforcement 
     to ensure that the National Incident-Based Reporting System 
     (NIBRS), or any successor system, include cybercrime reports 
     from federal, state, and local officials. It also directs the 
     Bureau of Justice Statistics to include questions relating to 
     cybercrime in the National Crime Victimization Survey. The 
     bill also directs the Government Accountability Office (GAO) 
     to report on the effectiveness of current cybercrime 
     reporting mechanisms and highlight disparities in reporting 
     data between cybercrime data and other types of crime data. 
     This bipartisan bill was introduced on August 6, 2021 by 
     Representative Abigail Spanberger (D-VA) and currently has 18 
     cosponsors. An identical Senate companion, S. 2629 (Schatz-
     HI, Tillis-NC, Cornyn-TX, Durbin-IL), was marked up by the 
     Senate Judiciary Committee on November 18 and favorably 
     reported on a unanimous voice vote. The Chairman will offer 
     an amendment in the nature of a substitute to H.R. 4977.


                         A. General Background

       Cybercrime continues to be a significant threat to 
     businesses, governments, and individual Americans. Cybercrime 
     includes a broad range of conduct including phishing, 
     ransomware, identity theft, and data breaches.\1\ A recent 
     survey found one in five Americans have been victims of 
     ransomware.\2\ The COVID-19 pandemic created new 
     opportunities for cybercrime, including COVID-related 
     phishing and malware, with 35.9% of the world's COVID-19 
     cyber threats occurring in the United States.\3\ Cyber 
     attackers mainly rely on phishing attacks, which is the most 
     common attack as measured by the number of victims.\4\ 
     Attackers also use online tools for extortion, data breaches, 
     identity theft, extracting ransoms, email compromise schemes, 
     impersonating charities and government actors, and other 
     schemes.\5\ Researchers attribute the rise in attacks to the 
     increase in remote work and the lower security protections at 
     one's home compared to an office.\6\
       Cybercrime is costly and harms individuals, government 
     entities, and businesses across a broad range of industries. 
     The average data breach in 2020 cost companies $3.83 million 
     dollars.\7\ Email compromise schemes, in which email accounts 
     are compromised to conduct unauthorized transfers of funds, 
     accounted for over $1.8 billion in losses in 2020.\8\ In the 
     first six months of 2021, six ransomware organizations hacked 
     292 organizations and stole $45 million dollars.\9\ 
     Organizations that experienced cybercrime this year include 
     the Colonial Pipeline, the Steamship Authority of 
     Massachusetts, JBS Foods, and the Washington D.C. 
     Metropolitan Police Department.\10\ As shown by the gas 
     shortage due to the Colonial Pipeline breach, these attacks 
     can shut down critical infrastructure, create shortages, 
     increase the cost of goods and services, and cost 
     organizations money from both operational shutdowns and 
     paying ransoms to hackers.\11\ Likewise, the December 2020, 
     SolarWinds attack targeted SolarWinds' 300,000 customers and 
     endangered the cybersecurity of many federal government 
     agencies, including the Department of Defense, as well as 425 
     of the U.S. Fortune 500 companies.\12\ Cybercrime harms 
     businesses across all industries, but it had a particular 
     effect on companies responding to the COVID-19 pandemic by 
     disrupting COVID-19 supply chains and the government's 
     efforts to address the spreading virus.\13\
       Bad actors gravitate to cyber-attacks because of the 
     anonymity the internet provides and the low chances of 
     getting caught. The detection and prosecution rate of cyber 
     criminals in the United States is .05%.\14\ Given the 
     difficulty in tracing and prosecuting these crimes, it is 
     important to further study and track them so that we can work 
     to prevent cybercrime. H.R. 4977, the Better Cybercrime 
     Metrics Act will provide law enforcement with the tools to 
     uniformly classify and track cybercrime, furthering the 
     government's understanding of this serious problem and 
     building the foundation for improved cybercrime prevention 
     efforts.


  B. Section-by-Section Analysis for the Amendment in the Nature of a 
                               Substitute

       Section 1. Short Title. Section 1 sets forth the short 
     title of the bill as the ``Better Cybercrime Metrics Act.''
       Section 2. Cybercrime Taxonomy. Section 2 requires, within 
     90 days of the passage of the Act, the DOJ and the National 
     Academy of Sciences to develop a taxonomy that can be used by 
     law enforcement to categorize and track cybercrime, and 
     requires that the taxonomy be presented to Congress. The bill 
     authorizes $1,000,000 to carry out this section.
       Section 3. Cybercrime Reporting. Section 3 requires, not 
     later than 2 years after the passage of the Act, the DOJ to 
     establish a category in the National Incident-Based Reporting 
     System to enable the collection of cybercrime and cyber-
     enabled crime reports from Federal, State, and local 
     officials, incorporating the taxonomy developed under Section 
     2 as appropriate.
       Section 4. National Crime Victimization Survey. Section 4 
     requires cybercrime to be added to the National Crime 
     Victimization Survey. The bill authorizes $2,000,000 to carry 
     out this section.
       Section 5. GAO Study on Cybercrime Metrics. Section 5 
     directs the GAO to do a study on the current reporting 
     mechanisms of cybercrime and the disparities in data between 
     (A) data relating to cybercrime and cyber-enabled crime; and 
     (B) other types of crime data.


                                Endnotes

       \1\ Fed. Bureau of Investigation, Internet Crime Complaint 
     Ctr., Internet Crime Report 2020 19 (2021) https://
www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf.
       \2\ Joe Franscella, Anomali Harris Poll: Ransomware Hits 1 
     in 5 Americans, Anomali (Aug. 16, 2019), https://
www.anomali.com/blog/anomali-harris-poll-ransomware-hits-1-
in-5.
       \3\ Trend Micro Research, Attacks from All Angles: 2021 
     Midyear Cybersecurity Report 23 (2021) https://
documents.trendmicro.com/assets/rpt/rpt-attacks-from-all-
angles.pdf.
       \4\ Fed. Bureau of Investigation, Internet Crime Complaint 
     Ctr., Internet Crime Report 2020 6 (2021) https://
www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf.
       \5\ Id. at 19.
       \6\ The 10 Biggest Ransomware Attacks of 2021, Touro 
     College Illinois (Nov. 12, 2021). https://illinois.touro.edu/
news/the-10-biggest-ransomware-attacks-of-2021.php.
       \7\ Ken Brisco, Cost of a Data Breach: Behind the Numbers 
     of a Cvbersecurity Response Plan, Secureworks (Jul. 27, 
     2021), https://www.secureworks.com/blog/data-breach-response-
planning-cyber-threat-intelligence.
       \8\ Fed. Bureau of Investigation, Internet Crime Complaint 
     Ctr., Internet Crime Report 2020 10 (2021) https://
www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf.
       \9\ Six Ransomware Gangs Claim 290+ New Victims in 2021, 
     Potentially Reaping $45 Million for the Hackers, eSentire. 
     https://www.esentire.com/resources/library/six-ransomware-
gangs-claim-290-new-victims-in-2021-potentially-reaping-45-
million-for-the-hackers (last visited Dec. 3. 2021).
       \10\ The 10 Biggest Ransomware Attacks of 2021, Touro 
     College Illinois (Nov. 12, 2021), https://illinois.touro.edu/
news/the-10-biggest-ransomware-attacks-of-2021.php.
       \11\ Id.
       \12\ Jake Williams, What You Need to Know About the 
     SolarWinds Supply-Chain Attack, SANS Institute (Dec. 15, 
     2020) https://www.sans.org/blog/what-you-need-to-know-about-
the-solarwinds-supply-chain-attack.
       \13\ Jackie Drees, Cyberattacks on COVID-19 vaccine supply 
     chain much larger than initially thought, IBM says, Becker's 
     Hospital Review (Apr. 30, 2021) https://
www.beckershospitalreview.com/cybersecurity/cyberattacks-on-
covid-19-vaccine-supply-chain-much-larger-than-initially-
thought-ibm-savs.html.
       \14\ Mieke Eoyang, Alison Peters, Ishan Mehta, Brandon 
     Gaskew, To Catch a Hacker: Toward a comprehensive strategy to 
     identify, pursue, and punish malicious cyber actors, Third 
     Way (Dec. 3, 2021) https://www.thirdway.org/report/to-catch-
a-hacker-toward-a-comprehensive-strategy-to-identify-pursue-
and-punish-malicious-cyber-actors.
  Mr. BENTZ. Mr. Speaker, I yield myself such time as I may consume.
  Mr. Speaker, American businesses and American citizens face a growing 
number of cybercrimes. Cybercrime is a particularly complicated form of 
criminal conduct and one that costs Americans billions of dollars a 
year in theft.
  This bill would require the Attorney General to enter into an 
agreement with the National Academy of Sciences to develop a method for 
categorizing different types of cybercrime. The Attorney General would 
also establish a cybercrime category in the National Incident-Based 
Reporting System so that States can better report cybercrime data to 
the Federal Government.
  The bill would also require the Bureau of Justice Statistics to 
include cybercrime victimization questions in the National Crime 
Victimization Survey. There is no question that we must do more to 
bring cybercriminals to justice.

[[Page H3871]]

  In August of 2021, the Biden administration released a notorious 
Russian cybercriminal early from Federal custody. The individual is 
described as, ``one of the most connected and skilled malicious hackers 
ever apprehended by the U.S. authorities.'' And for unknown reasons, 
the administration let him out of Federal prison early and shipped him 
back to Moscow.
  We have asked the Biden administration's Justice Department for more 
information about this early release of this cybercriminal, but we have 
received nothing as of yet. Similarly, we don't have enough information 
to determine whether this legislation will bring more cybercriminals to 
justice. We haven't heard from relevant stakeholders on these issues, 
and we haven't held hearings with experts to determine whether this is 
the right step at this time.
  This bill would require GAO to submit a report to Congress that 
assesses the effectiveness of reporting mechanisms for cybercrime and 
disparities in reporting data between cybercrime and other types of 
crime.
  Why aren't we starting with that?
  Why are we making changes to cybercrime reporting mechanisms before 
the GAO can evaluate whether the existing reporting mechanisms are 
effective?
  It makes more sense for us to have hearings, evaluate GAO's findings, 
and hear from experts. Then we can examine whether the other provisions 
of this bill are necessary and appropriate.
  In another instance of putting the cart before the horse, the 
Committee on the Judiciary is scheduled to hear from Bryan A. Vorndran, 
the assistant director of Cyber Division at the FBI tomorrow. Perhaps 
we should have waited to see what he had to say before rushing this 
legislation to the floor.
  Mr. Speaker, I reserve the balance of my time.
  Ms. JACKSON LEE. Mr. Speaker, I yield 5 minutes to the gentlewoman 
from Virginia (Ms. Spanberger), who was astute enough to be able to 
offer the companion bill, and I thank her for her leadership and career 
leadership on these issues.
  Ms. SPANBERGER. Mr. Speaker, I rise today in support of my Better 
Cybercrime Metrics Act and its companion bill in the U.S. Senate, S. 
2629. And I thank the gentlewoman from Texas (Ms. Jackson Lee) for that 
introduction and for her support of this bill since the moment we 
introduced it.
  Mr. Speaker, our Nation is under constant attack from cybercriminals. 
And with the range of new threats emanating from adversaries around the 
world, including the Russian Federation, Congress has an obligation to 
move legislation forward that can better protect the American people, 
their data, their finances, and their personal information.
  Over the last few years, we have seen massive rates of cybercrime. 
Millions of Americans have had their personal data compromised, their 
money stolen, their identity taken, or their safety put at serious 
risk. In fact, cybercrime remains the most common crime in America, and 
this trend was only exacerbated by the pandemic and the many fraudsters 
looking to scam vulnerable Americans in a moment of crisis or make a 
quick buck off of a global catastrophe.
  Unfortunately, a vast majority of these crimes are not properly 
reported or tracked by law enforcement. Far too often, they are not 
measured or even documented. And to make matters worse, our government 
lacks the preparedness required to fully address the next generation of 
cybercrime and cyberattacks.
  Our legislation would give law enforcement agencies the tools they 
need to better track and identify cybercrime, prevent attacks, and hold 
perpetrators accountable. Our bill would require Federal reporting on 
the effectiveness of current cybercrime mechanisms.
  And it would go one step further--it would also highlight disparities 
in reporting data between cybercrime data and other types of crime 
data. This is such an important step for strengthening our 
understanding and our defenses against the phishing attempts, 
extortion, identity theft, and ransomware attacks that are plaguing 
everyday Americans in communities and across our country. Additionally, 
our bill would make sure America's law enforcement is prepared for the 
next generation of cyberattacks.
  Mr. Speaker, I am a proud former Federal law enforcement officer, and 
I understand that local and State police and sheriff's departments are 
often strained for resources. And I know that their time is precious, 
so I recognize the importance of having their backs and making sure 
that we have as much information as possible about potential threats.
  This legislation follows through on that commitment and it is why I 
am glad to see it endorsed by several national organizations--including 
the National Fraternal Order of Police, the National Association of 
Police Organizations, the Major Cities Chiefs Association, and the 
National White Collar Crime Center, which has a presence in Virginia's 
Seventh District.
  In fact, this legislation--bipartisan and bicameral--was partially 
inspired by the attack on the Colonial pipeline last year, something 
that impacted many communities across my district.
  After thousands of Virginians, their gas tanks, and their wallets 
were impacted by this disruptive ransomware attack, I was proud to 
build a bipartisan coalition focused on improving America's efforts to 
undercut hackers, protect critical infrastructure, and strengthen 
existing cybercrime prevention efforts.
  Mr. Speaker, I thank my colleagues in the U.S. House of 
Representatives who joined this bipartisan coalition. I thank 
Congressman Blake Moore, Congressman  Andrew Garbarino, and 
Congresswoman Sheila Jackson Lee for their partnership. Clearly, there 
is still bipartisan consensus for cybersecurity reforms and 
protections.
  Mr. Speaker, I also thank our friends across the Capitol complex for 
ushering the Senate version through the process. Thank you to Senators 
Schatz, Tillis, Cornyn, and Blumenthal for your cooperation and 
leadership on this important bicameral effort.
  When our bipartisan bill passes the House tonight, it will head to 
the President's desk to be signed into law. And with a stroke of a pen, 
we will ensure that our national crime classification system can 
properly identify cybercrimes and prevent future attacks.
  Once our legislation is signed into law, we will be protecting more 
families who bank online. We will be protecting more businesses who 
manage their employees' payroll information over the internet. We will 
be protecting more seniors who are using the internet to communicate 
with their loved ones far away or rely on the internet to manage their 
Federal benefits, such as Social Security.
  Together, we will thwart cybercriminals. And together, we will 
prevent more Americans from becoming targets or victims online.
  Mr. BENTZ. Mr. Speaker, I reserve the balance of my time.
  Ms. JACKSON LEE. Mr. Speaker, I am prepared to close, and I reserve 
the balance of my time.

                              {time}  1700

  Mr. BENTZ. Mr. Speaker, I urge my colleagues to oppose this bill, and 
I yield back the balance of my time.
  Ms. JACKSON LEE. Mr. Speaker, I yield myself such time as I may 
consume.
  Mr. Speaker, let me just take an opportunity to thank Congresswoman 
Spanberger for the knowledge she brings to this issue and to this 
legislation. We have already said that this is not a harmless crime.
  Mr. Speaker, I include in the Record Cybercrime predictions for 2022: 
Deepfakes, cryptocurrencies, and misinformation, to further emphasize 
the lack of the harmlessness that it is. It is harmful. One sentence 
says it all: Fake news 2.0 and the return of misinformation campaigns. 
They cite in particular COVID-19. I think all of us can attest to the 
terrible damage that was done during the pandemic with the huge issues 
of the question of COVID and the vaccination. Fake vaccine passport 
certificates were on sale for $100 to $125, and the volume of 
advertising groups and group sizes publishing sellers and multiplied 
over and over again.

                  [From the Future, December 4, 2021]

   Cybercrime Predictions for 2022: Deepfakes, Cryptocurrencies, and 
                             Misinformation

                           (By Maya Horowitz)

       While cybercriminals continue to leverage the impact of the 
     COVID-19 pandemic, they

[[Page H3872]]

     will also find new opportunities to attack such as deepfakes, 
     cryptocurrency and mobile wallets.
       In 2021, cyber criminals adapted their attack strategy to 
     exploit vaccination mandates, elections and the shift to 
     hybrid work, to target organizations' supply chains and 
     networks for them to achieve maximum disruption.
       The sophistication and scale of cyberattacks will continue 
     to break records and we can expect a huge increase in the 
     number of ransomware and mobile attacks. Looking ahead, 
     organizations should remain aware of the risks and ensure 
     that they have the appropriate solutions in place to prevent 
     them without disrupting their normal business flow. To stay 
     ahead of threats, organizations must be proactive and leave 
     no part of their attack surface unprotected or unmonitored or 
     otherwise risk becoming the next victim of sophisticated, 
     targeted attacks.


                 Global cybercrime predictions for 2022

     Fake news 2.0 and the return of misinformation campaigns
       The claim of `fake news' surrounding contentious issues has 
     become a new attack vector over previous years without people 
     really understanding its full impact. Throughout 2021, 
     misinformation was spread about the COVID-19 pandemic and 
     vaccination information. The black market for fake vaccine 
     certificates expanded globally, now selling fakes from 29 
     countries. Fake `vaccine passport' certificates were on sale 
     for $100-120 and the volume of advertisement groups and group 
     sizes publishing sellers multiplied within the year. In 2022, 
     cyber groups will continue to leverage these types of fake 
     news campaigns to execute cybercrime through various phishing 
     attacks and scams.
       In addition, prior to the 2020 US presidential election, 
     Check Point researchers spotted surges in malicious election-
     related domains and the use of ``meme camouflage'' aimed at 
     shifting public opinion. In the run-up to the US midterm 
     elections in November 2022, we can expect to see these 
     activities in full effect and for misinformation campaigns to 
     return on social media.
     Cyberattacks targeting supply chains
       Supply chain attackers take advantage of a lack of 
     monitoring within an organization's environment. They can be 
     used to perform any type of cyberattack, such as data 
     breaches and malware infections.
       The well known cybercrime--SolarWinds supply chain attack 
     stands out in 2021 due to its scale and influence, but other 
     sophisticated supply chain attacks have occurred such as 
     Codecov in April, and most recently, Kaseya. Kaseya provides 
     software for Managed Service Providers and the REvil 
     ransomware gang exploited the company to infect over 1,000 
     customers with ransomware. The group demanded a ransom of $70 
     million to provide decryption keys for all affected 
     customers.
       Supply chain attacks will become more common and 
     governments will have to establish regulations to address 
     these attacks and protect networks. They will also look into 
     collaborating with the private sectors and internationally to 
     identify and target more threat groups operating on global 
     and regional scales. In 2022, expect to discover more about 
     the global impact of the infamous Sunburst attack.
     The cyber `cold war' intensifies
       The cyber way is intensifying, and taking place online as 
     more nation-state actors push Western governments to continue 
     to destabilize society. Improved infrastructure and 
     technological capabilities will enable terrorists groups and 
     political activists to further their cybercrime agendas and 
     carry out more sophisticated, widespread attacks. 
     Cyberattacks will increasingly be used as proxy conflicts to 
     destabilize activities globally.
     Data breaches are larger scale and more costly
       Going into 2022 we will see an increase in data breaches 
     that will be larger scale. These breaches will also have the 
     potential to cost organizations and governments more to 
     recover. In May 2021, a US insurance giant paid $40 million 
     in ransom to hackers. This was a record, and we can expect 
     ransom demanded by attackers to increase in 2022.


             Technology cybersecurity predictions for 2022

     Mobile malware attacks increase as more people use mobile 
         wallets and payment platforms:
       In 2021, 46 percent of organizations had at least one 
     employee download a malicious mobile application. The move to 
     remote work for almost entire populations across the world 
     during the COVID-19 pandemic saw the mobile attack surface 
     expand dramatically, resulting in 97 percent of organizations 
     facing mobile threats from several attack vectors. As mobile 
     wallets and mobile payment platforms are used more 
     frequently, cybercrimes will evolve and adapt their 
     techniques to exploit the growing reliance on mobile devices.
     Cryptocurrency becomes a focal point for cyberattacks 
         globally
       When money becomes purely software, the cybersecurity 
     needed to protect us from hackers stealing and manipulating 
     bitcoins and altcoins is sure to change in unexpected ways. 
     As reports of stolen crypto wallets triggered by free 
     airdropped NFTs become more frequent, Check Point Research 
     (CPR) investigated OpenSea and proved it was possible to 
     steal crypto wallets of users by leveraging critical 
     security. In 2022, we can expect to see an increase in 
     cryptocurrency related attacks.
     Attackers leverage vulnerabilities in microservices to launch 
         largescale attacks
       The move to the cloud and DevOps will result in a new form 
     of cybercrime. With microservices becoming the leading method 
     for application development, and microservices architecture 
     being embraced by Cloud Service Providers (CSPs), attackers 
     are using vulnerabilities found in microservices to launch 
     their attacks. We can also expect to see large scale attacks 
     targeting CSPs.
     Deepfake technology weaponized
       Techniques for fake video or audio are now advanced enough 
     to be weaponized and used to create targeted content to 
     manipulate opinions, stock prices or worse. As in the case of 
     other mobile attacks that rely on social engineering, the 
     results of a phishing attacks can range from fraud to more 
     advanced espionage. For instance in one of the most 
     significant deepfake phishing attacks, a bank manager in the 
     United Arab Emirates fell victim to a threat actor's scam. 
     Hackers used AI voice cloning to trick the bank manager into 
     transferring $35 million. Threat actors will use deepfake 
     social engineering attacks to gain permissions and to access 
     sensitive data.
     Penetration tools continue to grow
       Globally in 2021, 1 out of every 61 organizations was being 
     impacted by ransomware each week. Cybercrime through 
     ransomware will continue to grow, despite the efforts of law 
     enforcement to limit this growth globally. Threat actors will 
     target companies that can afford paying ransom, and 
     ransomware attacks will become more sophisticated in 2022. 
     Hackers will increasingly use penetration tools to customize 
     attacks in real time and to live and work within victim 
     networks. Penetration tools are the engine behind the most 
     sophisticated ransomware attacks that took place in 2021. As 
     the popularity of this attack method grows, attackers will 
     use it to carry out data exfiltration and extortion attacks.

  Ms. JACKSON LEE. Mr. Speaker, I include in the Record the article: 
``Ho, Ho, Ho, Holiday Scams'' FBI Portland. During the 2020 holiday 
season, this article says this FBI Internet Compliance Center received 
more than 17,000 complaints regarding the nondelivery of goods 
resulting in losses of more than $53 billion.

                 [From FBI Portland, December 1, 2021]

                       Ho, Ho, Ho, Holiday Scams!

                         (By Beth Anne Steele)

       If you're doing online shopping this holiday season, be on 
     the lookout for scammers trying to steal a deal, too!
       During the 2020 holiday shopping season, the FBI Internet 
     Crime Complaint Center (IC3.gov) received more than 17,000 
     complaints regarding the non-delivery of goods, resulting in 
     losses of more than $53 million. The FBI anticipates this 
     number could increase during the 2021 holiday season due to 
     rumors of merchandise shortages and the ongoing pandemic.
       ``Oftentimes when we talk about cyber crimes, we are 
     referring to massive intrusions into financial institutions 
     or ransomware attacks against large providers. Smaller cyber 
     scams run by individuals or groups can be just as frustrating 
     and difficult for families this time of year when all you 
     want to do is provide the perfect gift for your family. The 
     best thing you can do to be a savvy shopper is to know what 
     scams are out there and take some basic precautions,'' says 
     Kieran L. Ramsey, special agent in charge of the FBI in 
     Oregon.
       Here's a look at some of the more common scams:
       Online Shopping Scams:
       Scammers often offer too-good-to-be-true deals via phishing 
     emails, through social media posts, or through ads. Perhaps 
     you were trying to buy tickets to the next big concert or 
     sporting event and found just what you were looking for--at a 
     good deal--in an online marketplace? Those tickets could end 
     up being bogus. Or, perhaps, you think you just scored a 
     hard-to-find item like a new gaming system? Or a designer bag 
     at an extremely low price? If you actually get a delivery, 
     which is unlikely, the box may not contain the item you 
     ordered in the condition you thought it would arrive. In the 
     meantime, if you clicked on a link to access the deal. you 
     likely gave the fraudster access to download malware onto 
     your device, and you gave him personal financial information 
     and debit/credit card details.
       Social Media Shopping Scams:
       Consumers should beware of posts on social media sites that 
     appear to offer special deals, vouchers, or gift cards. Some 
     may appear as holiday promotions or contests. Others may 
     appear to be from known friends who have shared the link. 
     Often, these scams lead consumers to participate in an online 
     survey that is designed to steal personal information. If you 
     click an ad through a social media platform, do your due 
     diligence to check the legitimacy of the website before 
     providing credit card or personal information.
       Gift Card Scams:
       Gift cards are popular and a great time saver. but you need 
     to watch for sellers who say they can get you cards below-
     market value. Also, be wary of buying any card in a

[[Page H3873]]

     store if it looks like the security PIN on the back has been 
     uncovered and recovered. Your best bet is to buy digital gift 
     cards directly from the merchant online. Another twist on 
     this scam involves a person who receives a request to 
     purchase gift cards in bulk. Here's how it works: the victim 
     receives a spoofed email, a phone call, or a text from a 
     person who they believe is in authority (such as an executive 
     at the company). The fraudster tells the victim to purchase 
     multiple gift cards as gifts. The victim does so and then 
     passes the card numbers and PINs to the ``executive'' who 
     cashes out the value.
       Charity Scams:
       Charity fraud rises during the holiday season when people 
     want to make end-of-year tax deductible gifts or just wish to 
     contribute to a good cause. These seasonal scams can be more 
     difficult to stop because of their widespread reach, limited 
     duration and, when done online, minimal oversight. Bad actors 
     target victims through cold calls, email campaigns, 
     crowdfunding platforms, or fake social media accounts and 
     websites. Fraudsters make it easy for victims to give money 
     and to feel like they're making a difference. The scammer 
     will divert some or all the funds for personal use, and those 
     most in need will never see the donations.
       Tips to Avoid Being Victimized:
       Pay for items using a credit card dedicated for online 
     purchases, checking the card statement frequently, and never 
     saving payment information in online accounts.
       Never make purchases using public Wi-Fi.
       Beware of vendors that require payment with a gift card, 
     wire transfer, cash, or cryptocurrency.
       Research the seller to ensure legitimacy. Check reviews and 
     do online searches for the name of the vendor and the words 
     ``scam'' or ``fraud.''
       Check the contact details listed on the website to ensure 
     the vendor is real and reachable by phone or email.
       Confirm return and refund policies.
       Be wary of online retailers who use a free email service 
     instead of a company email address.
       Don't judge a company by its website. Flashy websites can 
     be set up and taken down quickly.
       Do not click on links or provide personal or financial 
     information to an unsolicited email or social media post.
       Secure credit card accounts, even rewards accounts, with 
     strong passwords or passphrases. Change passwords or 
     passphrases regularly.
       Make charitable contributions directly, rather than through 
     an intermediary, and pay via credit card or check. Avoid cash 
     donations, if possible.
       Only purchase gift cards directly from a trusted merchant.
       Make sure anti-virus/malware software is up to date and 
     block pop-up windows.
       What to Do if You Are a Victim:
       If you are a victim of an online scam, the FBI recommends 
     taking the following actions:
       Report the activity to the Internet Crime Complaint Center 
     at IC3.gov, regardless of dollar loss. Provide all relevant 
     information in the complaint.
       Contact your financial institution immediately upon 
     discovering any fraudulent or suspicious activity and direct 
     them to stop or reverse the transactions.
       Ask your financial institution to contact the corresponding 
     financial institution where the fraudulent or suspicious 
     transfer was sent.

  Ms. JACKSON LEE. Mr. Speaker, I include in the Record the article: 
``Without major changes, more Americans can be victims of online 
crime'' The Hill. ``When you turn on the TV or read the newspaper, it 
is hard to ignore headlines: `Colonial Pipeline a Victim of Massive 
Ransomware Attack.' `50 Million People Affected by T-Mobile Data 
Breach.' `Hackers Exploit SolarWinds to Spy on U.S. Government 
Agencies.' ''

                     [From The Hill, Aug. 30, 2021]

 Without Major Changes, More Americans Could Be Victims of Online Crime

                  (By Rep. Abigail Spanberger (D-VA))

       When you turn on the TV or read the newspaper, it's hard to 
     ignore the headlines: ``Colonial Pipeline a Victim of Massive 
     Ransomware Attack.'' ``50 Million People Affected by T-Mobile 
     Data Breach.'' ``Hackers Exploit SolarWinds to Spy on U.S. 
     Government Agencies.''
       These major attacks represent a serious threat to our 
     economy and our national security. After the Colonial 
     Pipeline attack impacted thousands of our neighbors in 
     Central Virginia, I was adamant about how our government must 
     vastly improve its efforts to undercut the activity of 
     hackers, protect critical infrastructure, and strengthen our 
     cybercrime prevention efforts.
       But the story of cybercrime in 2021 goes far beyond these 
     news-making cyberattacks--it extends into our communities, 
     our neighborhoods, and our homes.
       If you are a family banking online, a business managing 
     your employees' payroll information, or a senior accessing 
     federal benefits on the internet, you are no stranger to 
     thinking about how a cyber breach or attack could affect you. 
     Even worse, you might already be one of the millions of 
     Americans whose personal data has been compromised, money or 
     identity stolen, or safety put at risk.
       In 2018, Gallup found that nearly one in four U.S. 
     households has been a victim of cybercrime--making it the 
     most common crime in America. To confront cybercriminals and 
     their enablers, we need to have a better understanding of 
     these incidents. However, many of these cases--a vast 
     majority of these crimes--are not properly reported or 
     tracked by law enforcement Often, they are not measured at 
     all.
       By some estimates, the Federal Bureau of Investigation 
     (FBI) may only collect about one in 90 of all cybercrime 
     incidents in its Internet Crime Complaint Center (IC3) 
     database. The lack of information about cyber and cyber-
     enabled crime is divorced from what Americans are actually 
     facing on a day-to-day basis an increased risk of cybercrime. 
     What's more, these crimes are rising at an alarming rate.
       Compounding this challenge is the fact that federal, state, 
     and local governments do not have a comprehensive, effective 
     system to measure cybercrime. In 2021--decades after the dawn 
     of the internet age--we remain woefully unprepared to prevent 
     or respond to the next generation of cyberattacks.
       Accountability for these crimes--and protection against 
     them--can't fully take shape until we have a clear picture of 
     the current state of play. For this reason, we need to take 
     real steps to improve how we track, measure, analyze, and 
     prosecute cybercrime.
       Earlier this month, I introduced the bipartisan Better 
     Cybercrime Metrics Act, which would allow our federal 
     government and law enforcement to better track and identify 
     cybercrime, prevent attacks, and go after perpetrators. This 
     bill would strengthen our understanding and our defenses 
     against the phishing attempts, extortion, ransomware, and 
     identity theft that are plaguing everyday Americans.
       As a former federal law enforcement agent, I understand 
     that local and state police and sheriff's departments are 
     often strained for resources and time. And as a former CIA 
     case officer, I recognize the importance of gathering as much 
     information as possible about potential threats--so that we 
     can prevent attacks on American citizens and American 
     businesses.
       If signed into law, the Better Cybercrime Metrics Act would 
     improve our cybercrime metrics, anticipate future trends, and 
     make sure law enforcement has the tools and resources they 
     need.
       Our bill would require federal reporting on the 
     effectiveness of current cybercrime mechanisms and highlight 
     disparities in reporting data between cybercrime data and 
     other types of crime data.
       Additionally, it would require the National Crime 
     Victimization Survey to ask questions related to cybercrime 
     in its surveys--and it would make sure that the FBI's 
     National Incident Based Reporting System include cybercrime 
     reports from federal, state, and local officials.
       Notably, our bill would also require the U.S. Department of 
     Justice to contract with the National Academy of Sciences to 
     develop a standard taxonomy for cybercrime. These metrics 
     could be used by law enforcement across the board.
       I was proud to introduce this legislation alongside my 
     colleagues U.S. Reps. Blake Moore (R-Utah), Andrew Garbarino 
     (R-N.Y.), and Sheila Jackson Lee (D-Texas). Clearly, there is 
     consensus for these reforms and protections across the 
     political spectrum.
       In the Senate, a companion bill is being led by Sen. Brian 
     Schatz (D-Hawaii). Joining him are Thom Tillis (R-N.C.), John 
     Cornyn (R-Texas), and Richard Blumenthal (D-Conn.). I am 
     proud to have their partnership on this important, bicameral 
     effort.
       With this legislation and an improved understanding of the 
     threats ahead, we can prevent more Americans from becoming 
     targets--or victims--online.

  Ms. JACKSON LEE. Mr. Speaker, I include in the Record the article 
titled: ``U.S. Military Has Acted Against Ransomware Groups, General 
Acknowledges.''

              [From the New York Times, December 5, 2021]

U.S. Military Has Acted Against Ransomware Groups, General Acknowledges

                         (By Julian E. Barnes)

       Simi Valley, Calif.--The U.S. military has taken actions 
     against ransomware groups as part of its surge against 
     organizations launching attacks against American companies, 
     the nation's top cyberwarrior said on Saturday, the first 
     public acknowledgment of offensive measures against such 
     organizations.
       Gen. Paul M. Nakasone, the head of U.S. Cyber Command and 
     the director of the National Security Agency, said that nine 
     months ago, the government saw ransomware attacks as the 
     responsibility of law enforcement.
       But the attacks on Colonial Pipeline and JBS beef plants 
     demonstrated that the criminal organizations behind them have 
     been ``impacting our critical infrastructure,'' General 
     Nakasone said.
       In response, the government is taking a more aggressive, 
     better coordinated approach against this threat, abandoning 
     its previous hands-off stance. Cyber Command, the N.S.A. and 
     other agencies have poured resources into gathering 
     intelligence on the ransomware groups and sharing that better 
     understanding across the government and with international 
     partners.

[[Page H3874]]

       ``The first thing we have to do is to understand the 
     adversary and their insights better than we've ever 
     understood them before,'' General Nakasone said in an 
     interview on the sidelines of the Reagan National Defense 
     Forum, a gathering of national security officials.
       General Nakasone would not describe the actions taken by 
     his commands, nor what ransomware groups were targeted. But 
     he said one of the goals was to ``impose costs,'' which is 
     the term military officials use to describe punitive 
     cyberoperations.
       ``Before, during and since, with a number of elements of 
     our government, we have taken actions and we have imposed 
     costs;'' General Nakasone said. ``That's an important piece 
     that we should always be mindful of.''
       In September, Cyber Command diverted traffic around servers 
     being used by the Russia-based REvil ransomware group, 
     officials briefed on the operation have said. The operation 
     came after government hackers from an allied country 
     penetrated the servers, making it more difficult for the 
     group to collect ransoms. After REvil detected the U.S. 
     action, it shut down at least temporarily. That Cyber Command 
     operation was reported last month by The Washington Post.
       Cyber Command and the N.S.A. also assisted the F.B.I. and 
     the Justice Department in their efforts to seize and recover 
     much of the cryptocurrency ransom paid by Colonial Pipeline. 
     The Bitcoin payment was originally demanded by the Russian 
     ransomware group known as DarkSide.
       The first known operation against a ransomware group by 
     Cyber Command came before the 2020 election, when officials 
     feared a network of computers known as TrickBot could be used 
     to disrupt voting.
       Government officials have disagreed about how effective the 
     stepped-up actions against ransomware groups have been. 
     National Security Council officials have said activities by 
     Russian groups have declined. The F.B.I. has been skeptical. 
     Some outside groups saw a lull but predicted the ransomware 
     groups would rebrand and come back in force.
       Asked if the United States had gotten better at defending 
     itself from ransomware groups, General Nakasone said the 
     country was ``on an upward trajectory.'' But adversaries 
     modify their operations and continue to try to attack, he 
     said.
       ``We know much more about what our adversaries can and 
     might do to us. This is an area where vigilance is really 
     important,'' he said, adding that ``we can't take our eye off 
     it.''
       Since taking over in May 2018, General Nakasone has worked 
     to increase the pace of cyberoperations, focusing first on 
     more robust defenses against foreign influence operations in 
     the 2018 and 2020 elections. He has said that his commands 
     have been able to draw broad lessons from those operations, 
     which were seen as successful, and others.
       ``Take a look at the broad perspective of adversaries that 
     we've gone after over a period of five-plus years: It's been 
     nation-states, it's been proxies, it's been criminals, it's 
     been a whole wide variety of folks that each require a 
     different strategy,'' he said. ``The fundamental piece that 
     makes us successful against any adversary are speed, agility 
     and unity of effort. You have to have those three.''
       Last year's discovery of the SolarWinds hacking, in which 
     Russian intelligence agents implanted software in the supply 
     chain, giving them potential access to scores of government 
     networks and thousands of business networks, was made by a 
     private company and exposed flaws in America's domestic 
     cyberdefenses. The N.S.A's Cybersecurity Collaboration Center 
     was set up to improve information sharing between the 
     government and industry and to better detect future 
     intrusions, General Nakasone said, although industry 
     officials say more needs to be done to improve the flow of 
     intelligence.
       General Nakasone said those kinds of attacks are likely to 
     continue, by ransomware groups and others.
       ``What we have seen over the past year and what private 
     industry has indicated is that we have seen a tremendous rise 
     in terms of implants and in terms of zero-day vulnerabilities 
     and ransomware,'' he said, referring to an unknown coding 
     flaw for which a patch does not exist. ``I think that's the 
     world in which we live today.''
       Speaking on a panel at the Reagan Forum, General Nakasone 
     said the domain of cyberspace had changed radically over the 
     past 11 months with the rise of ransomware attacks and 
     operations like SolarWinds. He said it was likely in any 
     future military conflict that American critical 
     infrastructure would be targeted.
       ``Borders mean less as we look at our adversaries, and 
     whatever adversary that is, we should begin with the idea 
     that our critical infrastructure will be targeted:' he told 
     the panel.
       Cyber Command has already begun building up its efforts to 
     defend the next election. Despite the work to expose Russian, 
     Chinese and Iranian efforts to meddle in American politics, 
     General Nakasone said in the interview that foreign malign 
     campaigns were likely to continue.
       ``I think that we should anticipate that in cyberspace, 
     where the barriers to entry are so low, our adversaries are 
     always going to be attempting to be involved;'' he said.
       The recipe for success in defending the election, he said, 
     is to provide insight to the public about what adversaries 
     are trying to do, share information about vulnerabilities and 
     adversarial operations, and finally take action against 
     groups trying to interfere with voting.
       While that might take the form of cyberoperations against 
     hackers, the response can be broader. Last month, the Justice 
     Department announced the indictment of two Iranian hackers 
     the government had identified as being behind an attempt to 
     influence the 2020 election.
       ``This really has to be a whole-of-government effort,'' 
     General Nakasone said. ``This is why the diplomatic effort is 
     important. This is why being able to look at a number of 
     different levers within our government to be able to impact 
     these type of adversaries is critical for our success.''

  Ms. JACKSON LEE. The roll call goes on and on and on.
  I thank my colleagues for their words of support for this bipartisan 
legislation. I believe the time is now. We are going to continue this 
journey. This is not the last legislative initiative, that is why we 
will be holding a hearing tomorrow with the representative from the FBI 
because this is a growing continuing project and problem. If I might 
use the terminology, we will have to re-image constantly.
  This legislation is also supported by law enforcement groups and 
those with particular expertise in cybercrime, including the National 
Fraternal Order of Police, the Major Cities Chiefs Association, and the 
National Association of Police Organizations, the National White Collar 
Crime Center, and the Cybercrime Support Network.
  Mr. Speaker, I thank Senator Schatz, Senator Tillis, and as I 
indicated, our colleague, Representative Spanberger for their 
leadership on this bipartisan legislation. I am glad to have joined it 
and I urge all of my colleagues to join me in supporting it.
  Mr. Speaker, I yield back the balance of my time.
  Ms. JACKSON LEE. Mr. Speaker, I rise in support of S. 2629, the 
``Better Cybercrime Metrics Act.''
  This legislation improves our understanding and tracking of 
cybercrime so that we can do more to prevent it.
  A 2018 Gallup poll found that one in four Americans has been a victim 
of cybercrime.
  From stolen financial information, to systemwide shutdowns, to 
ransomware attacks, these crimes harm our families, our businesses, and 
our government.
  The Council of Economic Advisers estimated that malicious cyber 
activities cost our economy as much as $109 billion in 2016, and 
experts believe these costs are growing.
  The COVID-19 pandemic has increased opportunities for cybercrime, 
with increases in remote work and the time people spend online.
  Hackers also took advantage of our recovery efforts, stealing 
identities to file fake unemployment claims or fraudulent loan 
applications.
  Many of the victims of these scams only learned they were attacked 
when they went to file genuine claims and were told that one had 
already been submitted using their name or business.
  Sadly, cyber criminals often target older Americans. In 2020, people 
over 60 accounted for the most complaints of any age group, as 
collected by the FBI Internet Crime Complaint Center.
  People over 60 also had the greatest losses, with over $966 million 
lost to cybercrime in 2020.
  We must do more to protect Americans from cybercrime, and that starts 
with a better understanding of what it is and how it occurs.
  The Better Cybercrime Metrics Act will gather experts in law 
enforcement, business, and technology to create a taxonomy of 
cybercrime so that we can define it and classify it in a uniform way.
  This legislation also adds cybercrime to two important law 
enforcement tools used to track crimes, the National Incident-Based 
Reporting System and the National Crime Victimization Survey.
  Together these provisions will ensure that law enforcement has a 
complete picture of when and where cybercrime occurs, and who is harmed 
by it.
  Finally, this bill directs the Government Accountability Office to 
conduct a study on reporting mechanisms for cybercrime, and the 
disparities in cybercrime data relative to other types of crime data.
  Together this legislation will put in place the tools to clearly 
define and classify cybercrime, to track cybercrime, and to better 
understand this serious threat.
  I commend Senators Brian Schatz and Thom Tillis for their work on 
this bipartisan legislation. I also thank Representative Abigail 
Spanberger for her leadership on the House companion to this bill. I 
was proud to stand with her in introducing the House companion, along 
with our Republican colleagues, Representative Blake Moore and 
Representative Andrew Garbarino.

[[Page H3875]]

  We must give law enforcement the tools to keep apace with new 
technology and to get a step ahead of the threats faced by our ever-
evolving world.
  This bill takes an important step in that effort and I urge my 
colleagues to support it.
  The SPEAKER pro tempore. The question is on the motion offered by the 
gentlewoman from Texas (Ms. Jackson Lee) that the House suspend the 
rules and pass the bill, S. 2629.
  The question was taken.
  The SPEAKER pro tempore. In the opinion of the Chair, two-thirds 
being in the affirmative, the ayes have it.
  Mr. CLYDE. Mr. Speaker, on that I demand the yeas and nays.
  The SPEAKER pro tempore. Pursuant to section 3(s) of House Resolution 
8, the yeas and nays are ordered.
  Pursuant to clause 8 of rule XX, further proceedings on this motion 
are postponed.

                          ____________________