UK NCSC begins rollout of free DNS security service for schools

London: The UK National Cyber Security Centre (NCSC) has begun the phased rollout of its Protective Domain Name Service (PDNS) to schools across the UK. The PDNS for Schools scheme is free and aims to help protect schools from Domain Name System (DNS) security threats. The initial rollout will progress into next year, with full rollout to be announced in the first part of 2024.

The PDNS was first launched in 2017 and protects against Domain Name System (DNS) misuse and cyber threats like malware. It has been freely available to organisations like central government, local authorities, and devolved administrations for several years. Organisations that can now sign up to PDNS for Schools are local authorities or eligible public sector networks from the devolved administrations of the UK that provide DNS to their schools and local authorities in England that provide DNS to their maintained schools.

Schools – and the education sector generally – are prime targets for cyberattacks. Education institutions control vast amounts of personally identifiable student data, while many education organisations have limited budgets devoted to cybersecurity, hampering defences. Education was tied with telecommunications as the most targeted vertical by web application attacks in the third quarter of 2023, according to Cisco Talos Incident Response data.

In January, it was revealed that more than a dozen schools in the UK suffered a cyberattack which led to highly confidential documents being leaked online by cybercriminals. Children’s SEN information, child passport scans, staff pay scales and contract details were reportedly stolen by notorious cybercrime group Vice Society, known for disproportionately targeting the education sector with ransomware attacks in the UK and other countries.

Meanwhile, recent research from web security company Cloudflare revealed a rise in sophisticated DNS distributed denial of service (DDoS) attacks.

Technology plays a crucial role in education – from online learning platforms to interactive educational tools, schools are increasingly relying on digital resources to deliver quality education, the NCSC wrote. “However, behind the scenes, there is one essential component that often goes unnoticed – DNS. DNS allows users to access websites and digital services seamlessly. Unfortunately, DNS can also be used maliciously for malware distribution and control.”

PDNS for Schools will benefit education settings across the UK, protecting them automatically from a huge volume of malicious content which can cause huge disruption, remediation time, and costs to schools, the NCSC added. “Individual schools or trusts do not need to make enquiries for now. We are working with our delivery partner, Nominet, to make sure other areas and types of school can benefit from the PDNS for Schools offer,” it added.

“It’s great to see PDNS rolled out to UK schools. Over the last few years, we’ve seen an increasing number of attacks target the education sector, and this PDNS roll out is undoubtedly meant to support schools in their response to such attacks,” Dr Jason Nurse, reader in cybersecurity, Institute of Cyber Security for Society, University of Kent, tells CSO.

A primary benefit to schools is that it’s largely seamless; once it’s implemented, it will block malicious domains – such as those distributing malware and viruses, and phishing domains – from being accessed, he says. “It’s important to note, however, that this is based on blocking sites known to be malicious. At this time, it won’t stop all attacks, particularly those emerging from new or previously unseen malicious sites,” Nurse adds. Schools should still take care when allowing access to external sites, and staff and students should be well versed in good cyber hygiene practices, he says.