The latest expansion of PDNS in the UK will prevent ransomware, phishing attacks, and other online threats from reaching more school networks.
On October 15, 2024 the National Cyber Security Centre (NCSC, the UK’s federal cybersecurity agency) announced the full launch of PDNS (Protective Domain Name Service) for Schools. PDNS is a free recursive resolver that blocks sites with malware, ransomware and spyware, along with malware communication. The service was first launched in 2017, and was required to be used by the central government - but was still made available to other eligible agencies, like NHS Organizations, the Ministry of Defence, and Emergency Services. Notably, PDNS was not accessible for the rest of the private sector.
The first launch of PDNS for Schools took place almost a year ago, on October 26, 2023. The service was accessible to local authorities or eligible public sector networks in the UK that provide DNS to their schools. Now, through their partnership with Cloudflare and Accenture, the NCSC is expanding the free program to allow more schools to use it. PDNS is available to school internet providers in England that handle DNS services, as well as multi academy trusts, academies, or independent schools that get their DNS services from other internet service providers and have the capabilities to implement the program. This essentially makes PDNS accessible to all schools in the UK.
In the blog post announcing the expansion of the service, Sarah Lyons, NCSC Deputy Director for Economy and Society, explains that while “‘PDNS for Schools' helps prevent malware, ransomware, phishing attacks, and other online threats from reaching school networks”, it only “complements (but does not replace) the safeguarding filtering measures that schools should already have in place.” This clause is worthwhile considering the frequency and impact of cyber attacks on schools.
The Office of Qualifications and Examinations Regulation (Ofqual) shared the results of a poll that exposed just how targeted England’s education sector is. They found that more than a third (34%) of schools and colleges in England experienced a cyber incident in the last school year, and that “20% could not recover immediately, with 4% taking more than half a term to recover.” Worse of all, “1 in 3 teachers have not had cyber security training this year - of the two-thirds who have had training, 66% said it was useful.” In the first half of the school year, at least 47 English schools weathered ransomware attacks that compromised personal data.
Unfortunately, cyber attacks on schools are extremely common all over the world. The US and UK are the biggest targets, but the schools in the U.S. suffer more ransomware attacks than schools anywhere else. Just last month, a school district near Seattle with 17,500 students was forced to cancel their classes because of a cyberattack. In any country, schools are frequent victims of cyberattacks because of the abundance of sensitive information and the lack of appropriate cybersecurity measures to protect it. While the US hasn’t offered a free PDNS to its schools, it is still encouraging cyber resilience through other programs, like the new Schools and Libraries Cybersecurity Pilot Program.
On August 29, 2024, the Federal Communications Commission (FCC) started accepting applications to their Schools and Libraries Cybersecurity Pilot Program, which “will provide up to $200 million to selected participants over a three-year term to purchase a wide variety of cybersecurity services and equipment.” While not as wide-reaching as the NCSC’s PDNS, this pilot will make a meaningful impact to the schools and libraries that are accepted. In any case, these programs show that educational institutions are starting to prioritize cybersecurity measures.