Welcome to the National Cryptologic Museum Foundation. The NCMF directly supports the National Cryptologic Museum (NCM), the first public museum in the U.S. Intelligence Community.

  • ...The nation’s brightest young minds to consider careers in STEM and cyber related fields

  • ...Robust dialog with the American public on cyber policy, technology, and privacy

  • ...Those who “served in silence” with valor and distinction, especially those who gave their lives in service

Did you know?

Polish mathematicians & code breakers made the first breakthroughs against Nazi Germany's Enigma code.......

Cybersecurity News Bytes - End of July 2018

DHS Provides Details on Russian Intrusion into U.S Grid

The Department of Homeland Security hosted a webinar series in late July to describe a multistage Russian cyber intrusion into the U.S. electric grid. The webinar was based on US-CERT Alert TA18-074, which described details about ongoing Russian intrusions into U.S critical infrastructure. While not providing specific company names, DHS did provide significant details on the tactics, techniques, and procedures (TTP) used by Russian hackers. In a classic case of computer network espionage, the hackers patiently and methodically performed reconnaissance on major power supply companies and their vendors. They then gained access to several vendors, described by DHS as “staging targets,” and established an operational infrastructure on two vendor networks. After harvesting credentials from unwitting vendors, the hackers used the trust relationships between the vendors and their customers to get to the “intended targets:” companies in areas of power generation, transmission, and distribution. Once in the networks of these companies, the hackers used more stolen credentials to get past firewalls protecting industrial control systems and into the actual control systems. At that point, they stopped. But they could easily have activated operational controls on power generators or other systems. It was a very stealthy and sophisticated operation and indicates just how vulnerable the U.S. grid can be to a smart and determined attacker. DHS/NCCIC/US-CERT alert TA-18-074A

Supply Chains Pose Biggest Corporate Threat

A new study by Crowd Strike found that 80% of corporate respondents to a survey believe that the biggest cyber threats they will face in the coming year is via corporate supply chains. Two-thirds of respondents experienced a cyber attack via a supply chain in the past year, raising alarms and concern for corporate executives. The report also found that supply chain attacks cost U.S. companies on average about $1.27 million. U.S. companies were able to resolve supply chain attacks within 22 hours, ahead of the global average, according to Crowd Strike. Tech Republic, 23 July 2018

India Spends More on Cybersecurity in Response to Increased Data Breaches

A recent survey report notes that India is second only to Sweden in terms of data breaches although India spends more on cybersecurity than any other country. The global survey, published by Thales eSecurity, included responses from over 100 IT security managers in India. 93% of the respondents planned increases in cybersecurity spending, much higher than the global average of 78%. The spending increase is driven by an upsurge in data breaches, with more than half of the survey respondents reported a successful breach in the past year. However, the report notes that new spending is mostly planned for endpoint and mobile defenses; data protection is among the lowest priorities noted by over half the survey respondents in India. Thales 2018 Data Threat Report

Corporate Email Security Woes Start with C-Suite

Mimecast published a report on “The State of Email Security” that paints an unflattering picture of email security in many corporations. Lack of attention to common cyber threats like phishing, social engineering, and ransomware leads to many corporate cyber attacks. In addition, insider threats including careless employees, compromised accounts, or malicious employees have also increased. Many corporations point to careless C-Suite executives who send sensitive emails to the wrong person, respond to spearphishing attacks, or fall prey to other basic techniques that indicate poor cyber hygiene. While employee training is often cited as the best defense against email attacks, Mimecast points out that many corporate executives believe that their IT departments should handle email security and that it is not something senior executives should have to worry about, setting the tone for the organization’s overall approach to email security. Mimecast

Prisoners Pad Their Accounts with Stolen Credit

More than 350 Idaho prison inmates hacked into the JPay network and added more than $225,000 in credit to their accounts. JPay is a service that provides tablets to prisoners in state and federal institutions. For a fee, prisoners can email loved ones, buy music, or play games, although they can’t use JPay to connect to the Internet. The enterprising prisoners hacked into the JPay data base and added credit to their accounts. Fifty prisoners added at least $1,000 each, one added $10,000. Idaho corrections authorities and JPay were not amused. Prisoners were issued reprimands and lost privileges, and they cannot use any JPay for anything other than email until they return the stolen credits. Help Net Security, 30 July 2018

Return to our HOME PAGE


On This Day In History


  • President Ronald Reagan declared this day Navajo Code Talkers Day.

About Us

The NCMF directly supports the National Cryptologic Museum (NCM), the first public museum in the U.S. Intelligence Community. We think you will agree it is truly a "museum like no other."

Located adjacent to the National Security Agency (NSA) in Maryland, the NCM houses a priceless collection of artifacts that represent our Nation's history in code making and code breaking, as well as a world class library of cryptologic media. The NCMF acquires the best artifacts for the NCM and supports new educational and interactive exhibits.

The NCMF provides exceptional cryptologic programs throughout the year, encourages young minds to explore cryptology and innovation through valued awards, and hosts educational, cryptology-related exhibits at various community events.

As part of the Foundation's partnership with NSA to build the Cyber Center for Education and Innovation - Home of the National Cryptologic Museum (CCEI-NCM), the NCMF also serves as a leader in the field of cybersecurity - striving to provide the best in educational resources and programs.

The NCMF and NCM share a joint three-fold mission to Educate, Stimulate, and Commemorate. Learn more about our MISSION.