A report by the Government Accountability Office found that federal agencies have different approaches to reporting cybercrime, due in part to their varying definitions of the criminal activity.
In a report published Tuesday, GAO said that the lack of connection among the reporting mechanisms poses a challenge to establishing shared metrics, which could be addressed through the Better Cybercrime Metrics Act of 2022.
The study focused on 12 agencies including the FBI, Department of Justice, Internal Revenue Service and Department of the Treasury. GAO learned that these agencies have no standardized definition of cybercrime or approach to identifying, investigating and prosecuting such violations.
Eight of the 12 departments admitted to having difficulty in measuring the extent or impact of online criminal incidents. They also said they needed guidance in defining metrics for evaluating the impact of efforts to avoid or address the criminal cases.
GAO emphasized that the development of a cybercrime taxonomy under the Better Cybercrime Metrics Act could help the federal offices overcome their challenges. The Department of Justice is tasked with creating the taxonomy and notification categories in its national incident-based reporting system, expected for completion in May 2024.
