The UK National Cyber Security Centre (NCSC) has begun the phased rollout of its Protective Domain Name Service (PDNS) to schools across the UK. The PDNS for Schools scheme is free and aims to help protect schools from Domain Name System (DNS) security threats. The initial rollout will progress into next year, with full rollout to be announced in the first part of 2024.
The PDNS was first launched in 2017 and protects against Domain Name System (DNS) misuse and cyber threats like malware. It has been freely available to organisations like central government, local authorities, and devolved administrations for several years. Organisations that can now sign up to PDNS for Schools are local authorities or eligible public sector networks from the devolved administrations of the UK that provide DNS to their schools and local authorities in England that provide DNS to their maintained schools.
Schools – and the education sector generally – are prime targets for cyberattacks. Education institutions control vast amounts of personally identifiable student data, while many education organisations have limited budgets devoted to cybersecurity, hampering defences. Education was tied with telecommunications as the most targeted vertical by web application attacks in the third quarter of 2023, according to Cisco Talos Incident Response data.
In January, it was revealed that more than a dozen schools in the UK suffered a cyberattack which led to highly confidential documents being leaked online by cybercriminals. Children’s SEN information, child passport scans, staff pay scales and contract details were reportedly stolen by notorious cybercrime group Vice Society, known for disproportionately targeting the education sector with ransomware attacks in the UK and other countries.
Meanwhile, recent research from web security company Cloudflare revealed a rise in sophisticated DNS distributed denial of service (DDoS) attacks.
DNS risks threaten security of UK’s education sector
Technology plays a crucial role in education – from online learning platforms to interactive educational tools, schools are increasingly relying on digital resources to deliver quality education, the NCSC wrote. “However, behind the scenes, there is one essential component that often goes unnoticed – DNS. DNS allows users to access websites and digital services seamlessly. Unfortunately, DNS can also be used maliciously for malware distribution and control.”