Better Cybercrime Metrics Act

Floor Speech

Mr. Speaker, American businesses and American citizens face a growing number of cybercrimes. Cybercrime is a particularly complicated form of criminal conduct and one that costs Americans billions of dollars a year in theft.

This bill would require the Attorney General to enter into an agreement with the National Academy of Sciences to develop a method for categorizing different types of cybercrime. The Attorney General would also establish a cybercrime category in the National Incident-Based Reporting System so that States can better report cybercrime data to the Federal Government.

The bill would also require the Bureau of Justice Statistics to include cybercrime victimization questions in the National Crime Victimization Survey. There is no question that we must do more to bring cybercriminals to justice.

In August of 2021, the Biden administration released a notorious Russian cybercriminal early from Federal custody. The individual is described as, ``one of the most connected and skilled malicious hackers ever apprehended by the U.S. authorities.'' And for unknown reasons, the administration let him out of Federal prison early and shipped him back to Moscow.

We have asked the Biden administration's Justice Department for more information about this early release of this cybercriminal, but we have received nothing as of yet. Similarly, we don't have enough information to determine whether this legislation will bring more cybercriminals to justice. We haven't heard from relevant stakeholders on these issues, and we haven't held hearings with experts to determine whether this is the right step at this time.

This bill would require GAO to submit a report to Congress that assesses the effectiveness of reporting mechanisms for cybercrime and disparities in reporting data between cybercrime and other types of crime.

Why aren't we starting with that?

Why are we making changes to cybercrime reporting mechanisms before the GAO can evaluate whether the existing reporting mechanisms are effective?

It makes more sense for us to have hearings, evaluate GAO's findings, and hear from experts. Then we can examine whether the other provisions of this bill are necessary and appropriate.

In another instance of putting the cart before the horse, the Committee on the Judiciary is scheduled to hear from Bryan A. Vorndran, the assistant director of Cyber Division at the FBI tomorrow. Perhaps we should have waited to see what he had to say before rushing this legislation to the floor.

Ms. JACKSON LEE. Spanberger), who was astute enough to be able to offer the companion bill, and I thank her for her leadership and career leadership on these issues.

Ms. JACKSON LEE. Mr. Speaker, I am prepared to close, and I reserve the balance of my time.

BREAK IN TRANSCRIPT

Mr. BENTZ. Mr. Speaker, I urge my colleagues to oppose this bill, and I yield back the balance of my time.

Ms. JACKSON LEE.

Mr. Speaker, let me just take an opportunity to thank Congresswoman Spanberger for the knowledge she brings to this issue and to this legislation. We have already said that this is not a harmless crime.

Mr. Speaker, I include in the Record Cybercrime predictions for 2022: Deepfakes, cryptocurrencies, and misinformation, to further emphasize the lack of the harmlessness that it is. It is harmful. One sentence says it all: Fake news 2.0 and the return of misinformation campaigns. They cite in particular COVID-19. I think all of us can attest to the terrible damage that was done during the pandemic with the huge issues of the question of COVID and the vaccination. Fake vaccine passport certificates were on sale for $100 to $125, and the volume of advertising groups and group sizes publishing sellers and multiplied over and over again. [From the Future, December 4, 2021] Cybercrime Predictions for 2022: Deepfakes, Cryptocurrencies, and Misinformation (By Maya Horowitz)

While cybercriminals continue to leverage the impact of the COVID-19 pandemic, they will also find new opportunities to attack such as deepfakes, cryptocurrency and mobile wallets.

In 2021, cyber criminals adapted their attack strategy to exploit vaccination mandates, elections and the shift to hybrid work, to target organizations' supply chains and networks for them to achieve maximum disruption.

The sophistication and scale of cyberattacks will continue to break records and we can expect a huge increase in the number of ransomware and mobile attacks. Looking ahead, organizations should remain aware of the risks and ensure that they have the appropriate solutions in place to prevent them without disrupting their normal business flow. To stay ahead of threats, organizations must be proactive and leave no part of their attack surface unprotected or unmonitored or otherwise risk becoming the next victim of sophisticated, targeted attacks. Global cybercrime predictions for 2022 Fake news 2.0 and the return of misinformation campaigns

The claim of `fake news' surrounding contentious issues has become a new attack vector over previous years without people really understanding its full impact. Throughout 2021, misinformation was spread about the COVID-19 pandemic and vaccination information. The black market for fake vaccine certificates expanded globally, now selling fakes from 29 countries. Fake `vaccine passport' certificates were on sale for $100-120 and the volume of advertisement groups and group sizes publishing sellers multiplied within the year. In 2022, cyber groups will continue to leverage these types of fake news campaigns to execute cybercrime through various phishing attacks and scams.

In addition, prior to the 2020 US presidential election, Check Point researchers spotted surges in malicious election- related domains and the use of ``meme camouflage'' aimed at shifting public opinion. In the run-up to the US midterm elections in November 2022, we can expect to see these activities in full effect and for misinformation campaigns to return on social media. Cyberattacks targeting supply chains

Supply chain attackers take advantage of a lack of monitoring within an organization's environment. They can be used to perform any type of cyberattack, such as data breaches and malware infections.

The well known cybercrime--SolarWinds supply chain attack stands out in 2021 due to its scale and influence, but other sophisticated supply chain attacks have occurred such as Codecov in April, and most recently, Kaseya. Kaseya provides software for Managed Service Providers and the REvil ransomware gang exploited the company to infect over 1,000 customers with ransomware. The group demanded a ransom of $70 million to provide decryption keys for all affected customers.

Supply chain attacks will become more common and governments will have to establish regulations to address these attacks and protect networks. They will also look into collaborating with the private sectors and internationally to identify and target more threat groups operating on global and regional scales. In 2022, expect to discover more about the global impact of the infamous Sunburst attack. The cyber `cold war' intensifies

The cyber way is intensifying, and taking place online as more nation-state actors push Western governments to continue to destabilize society. Improved infrastructure and technological capabilities will enable terrorists groups and political activists to further their cybercrime agendas and carry out more sophisticated, widespread attacks. Cyberattacks will increasingly be used as proxy conflicts to destabilize activities globally. Data breaches are larger scale and more costly

Going into 2022 we will see an increase in data breaches that will be larger scale. These breaches will also have the potential to cost organizations and governments more to recover. In May 2021, a US insurance giant paid $40 million in ransom to hackers. This was a record, and we can expect ransom demanded by attackers to increase in 2022. Technology cybersecurity predictions for 2022 Mobile malware attacks increase as more people use mobile wallets and payment platforms:

In 2021, 46 percent of organizations had at least one employee download a malicious mobile application. The move to remote work for almost entire populations across the world during the COVID-19 pandemic saw the mobile attack surface expand dramatically, resulting in 97 percent of organizations facing mobile threats from several attack vectors. As mobile wallets and mobile payment platforms are used more frequently, cybercrimes will evolve and adapt their techniques to exploit the growing reliance on mobile devices. Cryptocurrency becomes a focal point for cyberattacks globally

When money becomes purely software, the cybersecurity needed to protect us from hackers stealing and manipulating bitcoins and altcoins is sure to change in unexpected ways. As reports of stolen crypto wallets triggered by free airdropped NFTs become more frequent, Check Point Research (CPR) investigated OpenSea and proved it was possible to steal crypto wallets of users by leveraging critical security. In 2022, we can expect to see an increase in cryptocurrency related attacks. Attackers leverage vulnerabilities in microservices to launch largescale attacks

The move to the cloud and DevOps will result in a new form of cybercrime. With microservices becoming the leading method for application development, and microservices architecture being embraced by Cloud Service Providers (CSPs), attackers are using vulnerabilities found in microservices to launch their attacks. We can also expect to see large scale attacks targeting CSPs. Deepfake technology weaponized

Techniques for fake video or audio are now advanced enough to be weaponized and used to create targeted content to manipulate opinions, stock prices or worse. As in the case of other mobile attacks that rely on social engineering, the results of a phishing attacks can range from fraud to more advanced espionage. For instance in one of the most significant deepfake phishing attacks, a bank manager in the United Arab Emirates fell victim to a threat actor's scam. Hackers used AI voice cloning to trick the bank manager into transferring $35 million. Threat actors will use deepfake social engineering attacks to gain permissions and to access sensitive data. Penetration tools continue to grow

Globally in 2021, 1 out of every 61 organizations was being impacted by ransomware each week. Cybercrime through ransomware will continue to grow, despite the efforts of law enforcement to limit this growth globally. Threat actors will target companies that can afford paying ransom, and ransomware attacks will become more sophisticated in 2022. Hackers will increasingly use penetration tools to customize attacks in real time and to live and work within victim networks. Penetration tools are the engine behind the most sophisticated ransomware attacks that took place in 2021. As the popularity of this attack method grows, attackers will use it to carry out data exfiltration and extortion attacks.

Ms. JACKSON LEE. Mr. Speaker, I include in the Record the article: ``Ho, Ho, Ho, Holiday Scams'' FBI Portland. During the 2020 holiday season, this article says this FBI Internet Compliance Center received more than 17,000 complaints regarding the nondelivery of goods resulting in losses of more than $53 billion. [From FBI Portland, December 1, 2021] Ho, Ho, Ho, Holiday Scams! (By Beth Anne Steele)

If you're doing online shopping this holiday season, be on the lookout for scammers trying to steal a deal, too!

During the 2020 holiday shopping season, the FBI Internet Crime Complaint Center (IC3.gov) received more than 17,000 complaints regarding the non-delivery of goods, resulting in losses of more than $53 million. The FBI anticipates this number could increase during the 2021 holiday season due to rumors of merchandise shortages and the ongoing pandemic.

``Oftentimes when we talk about cyber crimes, we are referring to massive intrusions into financial institutions or ransomware attacks against large providers. Smaller cyber scams run by individuals or groups can be just as frustrating and difficult for families this time of year when all you want to do is provide the perfect gift for your family. The best thing you can do to be a savvy shopper is to know what scams are out there and take some basic precautions,'' says Kieran L. Ramsey, special agent in charge of the FBI in Oregon.

Here's a look at some of the more common scams:

Online Shopping Scams:

Scammers often offer too-good-to-be-true deals via phishing emails, through social media posts, or through ads. Perhaps you were trying to buy tickets to the next big concert or sporting event and found just what you were looking for--at a good deal--in an online marketplace? Those tickets could end up being bogus. Or, perhaps, you think you just scored a hard-to-find item like a new gaming system? Or a designer bag at an extremely low price? If you actually get a delivery, which is unlikely, the box may not contain the item you ordered in the condition you thought it would arrive. In the meantime, if you clicked on a link to access the deal. you likely gave the fraudster access to download malware onto your device, and you gave him personal financial information and debit/credit card details.

Social Media Shopping Scams:

Consumers should beware of posts on social media sites that appear to offer special deals, vouchers, or gift cards. Some may appear as holiday promotions or contests. Others may appear to be from known friends who have shared the link. Often, these scams lead consumers to participate in an online survey that is designed to steal personal information. If you click an ad through a social media platform, do your due diligence to check the legitimacy of the website before providing credit card or personal information.

Gift Card Scams:

Gift cards are popular and a great time saver. but you need to watch for sellers who say they can get you cards below- market value. Also, be wary of buying any card in a store if it looks like the security PIN on the back has been uncovered and recovered. Your best bet is to buy digital gift cards directly from the merchant online. Another twist on this scam involves a person who receives a request to purchase gift cards in bulk. Here's how it works: the victim receives a spoofed email, a phone call, or a text from a person who they believe is in authority (such as an executive at the company). The fraudster tells the victim to purchase multiple gift cards as gifts. The victim does so and then passes the card numbers and PINs to the ``executive'' who cashes out the value.

Charity Scams:

Charity fraud rises during the holiday season when people want to make end-of-year tax deductible gifts or just wish to contribute to a good cause. These seasonal scams can be more difficult to stop because of their widespread reach, limited duration and, when done online, minimal oversight. Bad actors target victims through cold calls, email campaigns, crowdfunding platforms, or fake social media accounts and websites. Fraudsters make it easy for victims to give money and to feel like they're making a difference. The scammer will divert some or all the funds for personal use, and those most in need will never see the donations.

Tips to Avoid Being Victimized:

Pay for items using a credit card dedicated for online purchases, checking the card statement frequently, and never saving payment information in online accounts.

Never make purchases using public Wi-Fi.

Beware of vendors that require payment with a gift card, wire transfer, cash, or cryptocurrency.

Research the seller to ensure legitimacy. Check reviews and do online searches for the name of the vendor and the words ``scam'' or ``fraud.''

Check the contact details listed on the website to ensure the vendor is real and reachable by phone or email.

Confirm return and refund policies.

Be wary of online retailers who use a free email service instead of a company email address.

Don't judge a company by its website. Flashy websites can be set up and taken down quickly.

Do not click on links or provide personal or financial information to an unsolicited email or social media post.

Secure credit card accounts, even rewards accounts, with strong passwords or passphrases. Change passwords or passphrases regularly.

Make charitable contributions directly, rather than through an intermediary, and pay via credit card or check. Avoid cash donations, if possible.

Only purchase gift cards directly from a trusted merchant.

Make sure anti-virus/malware software is up to date and block pop-up windows.

What to Do if You Are a Victim:

If you are a victim of an online scam, the FBI recommends taking the following actions:

Report the activity to the Internet Crime Complaint Center at IC3.gov, regardless of dollar loss. Provide all relevant information in the complaint.

Contact your financial institution immediately upon discovering any fraudulent or suspicious activity and direct them to stop or reverse the transactions.

Ask your financial institution to contact the corresponding financial institution where the fraudulent or suspicious transfer was sent.

Ms. JACKSON LEE. Mr. Speaker, I include in the Record the article: ``Without major changes, more Americans can be victims of online crime'' The Hill. ``When you turn on the TV or read the newspaper, it is hard to ignore headlines: `Colonial Pipeline a Victim of Massive Ransomware Attack.' `50 Million People Affected by T-Mobile Data Breach.' `Hackers Exploit SolarWinds to Spy on U.S. Government Agencies.' '' [From The Hill, Aug. 30, 2021] Without Major Changes, More Americans Could Be Victims of Online Crime (By Rep. Abigail Spanberger (D-VA))

When you turn on the TV or read the newspaper, it's hard to ignore the headlines: ``Colonial Pipeline a Victim of Massive Ransomware Attack.'' ``50 Million People Affected by T-Mobile Data Breach.'' ``Hackers Exploit SolarWinds to Spy on U.S. Government Agencies.''

These major attacks represent a serious threat to our economy and our national security. After the Colonial Pipeline attack impacted thousands of our neighbors in Central Virginia, I was adamant about how our government must vastly improve its efforts to undercut the activity of hackers, protect critical infrastructure, and strengthen our cybercrime prevention efforts.

But the story of cybercrime in 2021 goes far beyond these news-making cyberattacks--it extends into our communities, our neighborhoods, and our homes.

If you are a family banking online, a business managing your employees' payroll information, or a senior accessing federal benefits on the internet, you are no stranger to thinking about how a cyber breach or attack could affect you. Even worse, you might already be one of the millions of Americans whose personal data has been compromised, money or identity stolen, or safety put at risk.

In 2018, Gallup found that nearly one in four U.S. households has been a victim of cybercrime--making it the most common crime in America. To confront cybercriminals and their enablers, we need to have a better understanding of these incidents. However, many of these cases--a vast majority of these crimes--are not properly reported or tracked by law enforcement Often, they are not measured at all.

By some estimates, the Federal Bureau of Investigation (FBI) may only collect about one in 90 of all cybercrime incidents in its Internet Crime Complaint Center (IC3) database. The lack of information about cyber and cyber- enabled crime is divorced from what Americans are actually facing on a day-to-day basis an increased risk of cybercrime. What's more, these crimes are rising at an alarming rate.

Compounding this challenge is the fact that federal, state, and local governments do not have a comprehensive, effective system to measure cybercrime. In 2021--decades after the dawn of the internet age--we remain woefully unprepared to prevent or respond to the next generation of cyberattacks.

Accountability for these crimes--and protection against them--can't fully take shape until we have a clear picture of the current state of play. For this reason, we need to take real steps to improve how we track, measure, analyze, and prosecute cybercrime.

Earlier this month, I introduced the bipartisan Better Cybercrime Metrics Act, which would allow our federal government and law enforcement to better track and identify cybercrime, prevent attacks, and go after perpetrators. This bill would strengthen our understanding and our defenses against the phishing attempts, extortion, ransomware, and identity theft that are plaguing everyday Americans.

As a former federal law enforcement agent, I understand that local and state police and sheriff's departments are often strained for resources and time. And as a former CIA case officer, I recognize the importance of gathering as much information as possible about potential threats--so that we can prevent attacks on American citizens and American businesses.

If signed into law, the Better Cybercrime Metrics Act would improve our cybercrime metrics, anticipate future trends, and make sure law enforcement has the tools and resources they need.

Our bill would require federal reporting on the effectiveness of current cybercrime mechanisms and highlight disparities in reporting data between cybercrime data and other types of crime data.

Additionally, it would require the National Crime Victimization Survey to ask questions related to cybercrime in its surveys--and it would make sure that the FBI's National Incident Based Reporting System include cybercrime reports from federal, state, and local officials.

Notably, our bill would also require the U.S. Department of Justice to contract with the National Academy of Sciences to develop a standard taxonomy for cybercrime. These metrics could be used by law enforcement across the board.

I was proud to introduce this legislation alongside my colleagues U.S. Reps. Blake Moore (R-Utah), Andrew Garbarino (R-N.Y.), and Sheila Jackson Lee (D-Texas). Clearly, there is consensus for these reforms and protections across the political spectrum.

In the Senate, a companion bill is being led by Sen. Brian Schatz (D-Hawaii). Joining him are Thom Tillis (R-N.C.), John Cornyn (R-Texas), and Richard Blumenthal (D-Conn.). I am proud to have their partnership on this important, bicameral effort.

With this legislation and an improved understanding of the threats ahead, we can prevent more Americans from becoming targets--or victims--online.

Ms. JACKSON LEE. Mr. Speaker, I include in the Record the article titled: ``U.S. Military Has Acted Against Ransomware Groups, General Acknowledges.'' [From the New York Times, December 5, 2021] U.S. Military Has Acted Against Ransomware Groups, General Acknowledges (By Julian E. Barnes)

Simi Valley, Calif.--The U.S. military has taken actions against ransomware groups as part of its surge against organizations launching attacks against American companies, the nation's top cyberwarrior said on Saturday, the first public acknowledgment of offensive measures against such organizations.

Gen. Paul M. Nakasone, the head of U.S. Cyber Command and the director of the National Security Agency, said that nine months ago, the government saw ransomware attacks as the responsibility of law enforcement.

But the attacks on Colonial Pipeline and JBS beef plants demonstrated that the criminal organizations behind them have been ``impacting our critical infrastructure,'' General Nakasone said.

In response, the government is taking a more aggressive, better coordinated approach against this threat, abandoning its previous hands-off stance. Cyber Command, the N.S.A. and other agencies have poured resources into gathering intelligence on the ransomware groups and sharing that better understanding across the government and with international partners.

``The first thing we have to do is to understand the adversary and their insights better than we've ever understood them before,'' General Nakasone said in an interview on the sidelines of the Reagan National Defense Forum, a gathering of national security officials.

General Nakasone would not describe the actions taken by his commands, nor what ransomware groups were targeted. But he said one of the goals was to ``impose costs,'' which is the term military officials use to describe punitive cyberoperations.

``Before, during and since, with a number of elements of our government, we have taken actions and we have imposed costs;'' General Nakasone said. ``That's an important piece that we should always be mindful of.''

In September, Cyber Command diverted traffic around servers being used by the Russia-based REvil ransomware group, officials briefed on the operation have said. The operation came after government hackers from an allied country penetrated the servers, making it more difficult for the group to collect ransoms. After REvil detected the U.S. action, it shut down at least temporarily. That Cyber Command operation was reported last month by The Washington Post.

Cyber Command and the N.S.A. also assisted the F.B.I. and the Justice Department in their efforts to seize and recover much of the cryptocurrency ransom paid by Colonial Pipeline. The Bitcoin payment was originally demanded by the Russian ransomware group known as DarkSide.

The first known operation against a ransomware group by Cyber Command came before the 2020 election, when officials feared a network of computers known as TrickBot could be used to disrupt voting.

Government officials have disagreed about how effective the stepped-up actions against ransomware groups have been. National Security Council officials have said activities by Russian groups have declined. The F.B.I. has been skeptical. Some outside groups saw a lull but predicted the ransomware groups would rebrand and come back in force.

Asked if the United States had gotten better at defending itself from ransomware groups, General Nakasone said the country was ``on an upward trajectory.'' But adversaries modify their operations and continue to try to attack, he said.

``We know much more about what our adversaries can and might do to us. This is an area where vigilance is really important,'' he said, adding that ``we can't take our eye off it.''

Since taking over in May 2018, General Nakasone has worked to increase the pace of cyberoperations, focusing first on more robust defenses against foreign influence operations in the 2018 and 2020 elections. He has said that his commands have been able to draw broad lessons from those operations, which were seen as successful, and others.

``Take a look at the broad perspective of adversaries that we've gone after over a period of five-plus years: It's been nation-states, it's been proxies, it's been criminals, it's been a whole wide variety of folks that each require a different strategy,'' he said. ``The fundamental piece that makes us successful against any adversary are speed, agility and unity of effort. You have to have those three.''

Last year's discovery of the SolarWinds hacking, in which Russian intelligence agents implanted software in the supply chain, giving them potential access to scores of government networks and thousands of business networks, was made by a private company and exposed flaws in America's domestic cyberdefenses. The N.S.A's Cybersecurity Collaboration Center was set up to improve information sharing between the government and industry and to better detect future intrusions, General Nakasone said, although industry officials say more needs to be done to improve the flow of intelligence.

General Nakasone said those kinds of attacks are likely to continue, by ransomware groups and others.

``What we have seen over the past year and what private industry has indicated is that we have seen a tremendous rise in terms of implants and in terms of zero-day vulnerabilities and ransomware,'' he said, referring to an unknown coding flaw for which a patch does not exist. ``I think that's the world in which we live today.''

Speaking on a panel at the Reagan Forum, General Nakasone said the domain of cyberspace had changed radically over the past 11 months with the rise of ransomware attacks and operations like SolarWinds. He said it was likely in any future military conflict that American critical infrastructure would be targeted.

``Borders mean less as we look at our adversaries, and whatever adversary that is, we should begin with the idea that our critical infrastructure will be targeted:' he told the panel.

Cyber Command has already begun building up its efforts to defend the next election. Despite the work to expose Russian, Chinese and Iranian efforts to meddle in American politics, General Nakasone said in the interview that foreign malign campaigns were likely to continue.

``I think that we should anticipate that in cyberspace, where the barriers to entry are so low, our adversaries are always going to be attempting to be involved;'' he said.

The recipe for success in defending the election, he said, is to provide insight to the public about what adversaries are trying to do, share information about vulnerabilities and adversarial operations, and finally take action against groups trying to interfere with voting.

While that might take the form of cyberoperations against hackers, the response can be broader. Last month, the Justice Department announced the indictment of two Iranian hackers the government had identified as being behind an attempt to influence the 2020 election.

``This really has to be a whole-of-government effort,'' General Nakasone said. ``This is why the diplomatic effort is important. This is why being able to look at a number of different levers within our government to be able to impact these type of adversaries is critical for our success.''

Ms. JACKSON LEE. The roll call goes on and on and on.

I thank my colleagues for their words of support for this bipartisan legislation. I believe the time is now. We are going to continue this journey. This is not the last legislative initiative, that is why we will be holding a hearing tomorrow with the representative from the FBI because this is a growing continuing project and problem. If I might use the terminology, we will have to re-image constantly.

This legislation is also supported by law enforcement groups and those with particular expertise in cybercrime, including the National Fraternal Order of Police, the Major Cities Chiefs Association, and the National Association of Police Organizations, the National White Collar Crime Center, and the Cybercrime Support Network.

Mr. Speaker, I thank Senator Schatz, Senator Tillis, and as I indicated, our colleague, Representative Spanberger for their leadership on this bipartisan legislation. I am glad to have joined it and I urge all of my colleagues to join me in supporting it.

Ms. JACKSON LEE. Mr. Speaker, I rise in support of S. 2629, the ``Better Cybercrime Metrics Act.''

This legislation improves our understanding and tracking of cybercrime so that we can do more to prevent it.

A 2018 Gallup poll found that one in four Americans has been a victim of cybercrime.

From stolen financial information, to systemwide shutdowns, to ransomware attacks, these crimes harm our families, our businesses, and our government.

The Council of Economic Advisers estimated that malicious cyber activities cost our economy as much as $109 billion in 2016, and experts believe these costs are growing.

The COVID-19 pandemic has increased opportunities for cybercrime, with increases in remote work and the time people spend online.

Hackers also took advantage of our recovery efforts, stealing identities to file fake unemployment claims or fraudulent loan applications.

Many of the victims of these scams only learned they were attacked when they went to file genuine claims and were told that one had already been submitted using their name or business.

Sadly, cyber criminals often target older Americans. In 2020, people over 60 accounted for the most complaints of any age group, as collected by the FBI Internet Crime Complaint Center.

People over 60 also had the greatest losses, with over $966 million lost to cybercrime in 2020.

We must do more to protect Americans from cybercrime, and that starts with a better understanding of what it is and how it occurs.

The Better Cybercrime Metrics Act will gather experts in law enforcement, business, and technology to create a taxonomy of cybercrime so that we can define it and classify it in a uniform way.

This legislation also adds cybercrime to two important law enforcement tools used to track crimes, the National Incident-Based Reporting System and the National Crime Victimization Survey.

Together these provisions will ensure that law enforcement has a complete picture of when and where cybercrime occurs, and who is harmed by it.

Finally, this bill directs the Government Accountability Office to conduct a study on reporting mechanisms for cybercrime, and the disparities in cybercrime data relative to other types of crime data.

Together this legislation will put in place the tools to clearly define and classify cybercrime, to track cybercrime, and to better understand this serious threat.

I commend Senators Brian Schatz and Thom Tillis for their work on this bipartisan legislation. I also thank Representative Abigail Spanberger for her leadership on the House companion to this bill. I was proud to stand with her in introducing the House companion, along with our Republican colleagues, Representative Blake Moore and Representative Andrew Garbarino.

We must give law enforcement the tools to keep apace with new technology and to get a step ahead of the threats faced by our ever- evolving world.

This bill takes an important step in that effort and I urge my colleagues to support it.

BREAK IN TRANSCRIPT

Source