Federal cybercrime reporting may have some gaps, due to lack of a comprehensive approach or common definitions of cybercrime across all federal agencies, according to a recent study from the U.S. Government Accountability Office (GAO).
“Several federal agencies work to detect, investigate, and prosecute cybercrimes. Agencies vary in how they collect data on these crimes, and there is no official definition of cybercrime. As a result, this data may not be consistent or complete,” said the GAO in its report. The result is that the nation may be less equipped to fight cybercrime, the agency added.
GAO undertook the study as directed by a May 2022 federal law, the Better Cybercrime Metrics Act. The agency focused its examination on 12 agencies within the U.S. Departments of Justice, Homeland Security, Treasury, and the U.S Postal Service, all of which have various responsibilities for investigating, prosecuting, collecting, preventing, or analyzing various elements of cybercrime.
Six of the 12 agencies evaluated reported difficulty distinguishing between “cybercrime” and “cyber-enabled crime,” according to the report. Several agencies also rely on reporting of crimes by the public or businesses and have met reluctance to report due to reputational concerns or unfamiliarity with the process. Four of the agencies reported problems coordinating shared cybercrime metrics across agencies.
GAO offered no specific recommendations following its audit, but said, “The provisions of the Better Cybercrime Metrics Act, such as those that require the development of a cybercrime taxonomy and reporting categories, if effectively implemented, should help address these challenges.”