Written by Tim Starks

For the second time this month, Congress has sent legislation to President Joe Biden that’s designed to keep better track of cybercrime data.

The House on Tuesday cleared a bill that would direct the Justice Department to collect and measure cybercrime statistics in several ways, such as a mandate for the Bureau of Justice Statistics and U.S. Census Bureau to include questions about cybercrime on the National Crime Victimization Survey, which tallies crimes committed against people 12 and older.

It arrives on Biden’s desk shortly after the president signed another bill that requires critical infrastructure owners and operators to report ransomware payments within 24 hours.

In a floor speech this week urging passage of the DOJ metrics legislation, Rep. Abigail Spanberger said cybercrime was the most common crime in the U.S.

“Unfortunately, a vast majority of these crimes are not properly reported or tracked by law enforcement,” the Virginia Democrat said. “And far too often, they are not measured or even documented. And to make matters worse, our government lacks the preparedness required to fully address the next generation of cybercrime and cyberattacks.”

Spanberger, lead sponsor of the House version of the measure, said the Colonial Pipeline ransomware attack that sparked a fuel panic in the U.S. served as inspiration to introduce it. The House agreed to clear the legislation by a vote of 377-48.

“Our government lacks the preparedness required to fully address the next generation of cybercrime and cyberattacks.”

— Rep. Abigail Spanberger

All 48 “no” votes came from Republicans, despite bipartisan co-sponsorship of both the House and Senate versions of the “Better Cybercrime Metrics Act.”

“We don’t have enough information to determine whether this legislation will bring more cybercriminals to justice,” Rep. Cliff Bentz, R-Ore., said on the floor this week, then referred to a provision of the legislation that gives the Government Accountability Office a role. “Why are we making changes to cybercrime reporting mechanisms before the GAO can evaluate whether the existing reporting mechanisms are effective?”

The Cybercrime Support Network, Major Cities Chiefs Association, National Fraternal Order of Police, National Association of Police Organizations and National White Collar Crime Center supported the measure.

The legislation also dovetails with a Cyberspace Solarium Commission recommendation that Congress has not acted upon to establish a Bureau of Cyber Statistics that could help assess risk and give policymakers information to better craft government programs.