PDNS for Schools scheme aims to help protect UK schools from Domain Name System (DNS) security threats. Credit: Shutterstock/Maskot Images The UK National Cyber Security Centre (NCSC) has begun the phased rollout of its Protective Domain Name Service (PDNS) to schools across the UK. The PDNS for Schools scheme is free and aims to help protect schools from Domain Name System (DNS) security threats. The initial rollout will progress into next year, with full rollout to be announced in the first part of 2024. The PDNS was first launched in 2017 and protects against Domain Name System (DNS) misuse and cyber threats like malware. It has been freely available to organisations like central government, local authorities, and devolved administrations for several years. Organisations that can now sign up to PDNS for Schools are local authorities or eligible public sector networks from the devolved administrations of the UK that provide DNS to their schools and local authorities in England that provide DNS to their maintained schools. Schools – and the education sector generally – are prime targets for cyberattacks. Education institutions control vast amounts of personally identifiable student data, while many education organisations have limited budgets devoted to cybersecurity, hampering defences. Education was tied with telecommunications as the most targeted vertical by web application attacks in the third quarter of 2023, according to Cisco Talos Incident Response data. In January, it was revealed that more than a dozen schools in the UK suffered a cyberattack which led to highly confidential documents being leaked online by cybercriminals. Children’s SEN information, child passport scans, staff pay scales and contract details were reportedly stolen by notorious cybercrime group Vice Society, known for disproportionately targeting the education sector with ransomware attacks in the UK and other countries. Meanwhile, recent research from web security company Cloudflare revealed a rise in sophisticated DNS distributed denial of service (DDoS) attacks. DNS risks threaten security of UK’s education sector Technology plays a crucial role in education – from online learning platforms to interactive educational tools, schools are increasingly relying on digital resources to deliver quality education, the NCSC wrote. “However, behind the scenes, there is one essential component that often goes unnoticed – DNS. DNS allows users to access websites and digital services seamlessly. Unfortunately, DNS can also be used maliciously for malware distribution and control.” PDNS for Schools will benefit education settings across the UK, protecting them automatically from a huge volume of malicious content which can cause huge disruption, remediation time, and costs to schools, the NCSC added. “Individual schools or trusts do not need to make enquiries for now. We are working with our delivery partner, Nominet, to make sure other areas and types of school can benefit from the PDNS for Schools offer,” it added. Rollout will help schools respond to DNS attacks “It’s great to see PDNS rolled out to UK schools. Over the last few years, we’ve seen an increasing number of attacks target the education sector, and this PDNS roll out is undoubtedly meant to support schools in their response to such attacks,” Dr Jason Nurse, reader in cybersecurity, Institute of Cyber Security for Society, University of Kent, tells CSO. A primary benefit to schools is that it’s largely seamless; once it’s implemented, it will block malicious domains – such as those distributing malware and viruses, and phishing domains – from being accessed, he says. “It’s important to note, however, that this is based on blocking sites known to be malicious. At this time, it won’t stop all attacks, particularly those emerging from new or previously unseen malicious sites,” Nurse adds. Schools should still take care when allowing access to external sites, and staff and students should be well versed in good cyber hygiene practices, he says. Related content feature Some strategies for CISOs freaked out by the specter of federal indictments Experts at this year's RSA Conference offered strategies to help CISOs cope with the prospect of facing federal indictments over their handling of cyber incidents. By Cynthia Brumfield May 10, 2024 7 mins CSO and CISO Legal Security Practices interview Strong CIO-CISO relations fuel success at Ally CIO Sathish Muthukrishnan and CISO Donna Hart have forged a partnership steeped in Ally’s culture of radical candor that keeps the financial services firm secure and innovative. By Dan Roberts May 09, 2024 9 mins CIO CSO and CISO IT Leadership news Zscaler shuts down exposed system after rumors of a cyberattack Initially dismissing rumors, Zscaler now says it did have a system exposed but nothing important has been accessed. By Shweta Sharma May 09, 2024 3 mins Data Breach Cyberattacks news Palo Alto launches AI-powered solutions to fight AI-generated cyberthreats The suite is powered by Palo Alto’s proprietary solution, Precision AI, which integrates machine learning, deep learning, and generative AI technologies. By Prasanth Aby Thomas May 09, 2024 3 mins Generative AI Security Software PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe