The UK’s National Cyber Security Centre (NCSC) has recently announced the roll out of PDNS - Protective Domain Name Service - for UK schools to reduce the number of cyber-attacks impacting the education sector.

PDNS was originally announced by the NCSC in 2017 and was initially available for use by Central Government, Local Authorities, Devolved Administrations, Emergency Services, NHS Organisations, MOD, and some UK registered Social Housing Providers.

The local authority umbrella did encapsulate some schools, but only those utilising Local Authority managed networks.

A study by the NCSC, released in January this year, revealed that more than three-quarters (78%) of schools had encountered various cyber incidents. A comparable percentage (73%) reported incidents such as phishing emails sent to their staff or staff being directed to malicious websites, which is an increase from the 69% reported in the 2019 study.

The National Management Centre also highlighted the rise in ransomware groups targeting the education sector in March and the trend has continued to grow. Just recently we blogged about a school in Derbyshire which had been attacked just before term was due to begin.

Organisations that can now sign up to ‘PDNS for Schools’ are:

• Local authorities or eligible public sector networks from the devolved administrations of the UK (Scotland, Wales and Northern Ireland) that provide DNS to their schools.
• Local authorities in England that provide DNS to their maintained schools.

The service is free and will be rolled out between now and the end of 2024 for all eligible schools.

The reason for a relatively slow roll out is to enable the NCSC to test the service capacity as more local education authorities and their schools are onboarded to the service.

PDNS for Schools is based on a long-running and highly successful part of the NCSC’s Active Cyber Defence strategy.

“PDNS prevents access to domains known to be malicious, by simply not resolving them. Preventing access to malware, ransomware, phishing attacks, viruses, malicious sites and spyware at source makes the network more secure,” the NCSC explained.

There is additional functionality in terms of metrics within the application, to provide analysis on the security and efficiency of a schools’ network and outreach support from the NCSC in the event of potential cyber issues.

Data from the system will be used by UK government cyber-incident response functions to inform and support any potential cyber-attacks.

You can read more on PDNS via the NCSC website:

• https://www.ncsc.gov.uk/blog-post/introducing-pdns-for-schools
• https://www.ncsc.gov.uk/information/pdns

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).