Nominet proudly delivers Protective DNS (PDNS) on behalf of the UK National Cyber Security Centre (NCSC) to protect UK public services. It has been mandated for use by central government services and is available to all public sector organisations in the UK.
The delivery of Protective DNS forms a vital part of the UK’s Active Cyber Defence (ACD), designed to tackle cyber attacks to improve national resilience.
PDNS in action
Onboarding of the Health and Social Care Network (HSCN) to PDNS was accelerated (within 24 hours) following CISA alert that malicious actors were targeting US healthcare.
Many COVID-19 related malicious domains were blocked, including a webpage hosting malware and a fake web shop being used for phishing.
Emotet domains, originally used as a banking trojan, were seen to be evolving as a ‘dropper’ to deliver ransomware e.g. Ryuk and Conti and were blocked more than any other threat.
Disclosure of a sophisticated software supply chain attack of the SolarWinds Orion product saw the PDNS dataset become a primary data source for analysis of risk and response. It revealed:
- How many public bodies were affected, giving visibility to many core parts of the Government
- The extent of compromise
Cyber defence during a pandemic
PDNS helped build more robust cyber defences during the pandemic, benefiting those delivering public services, as seen in NCSC's 'Active Cyber Defence - The Fourth Year' report.
PDNS & SolarWinds
The NCSC's 'Active Cyber Defence - The Fourth Year' showed how PDNS logs were used to reassure which organisations were not at risk from the attack on SolarWinds and alerted those which potentially were.
Harnessing PDNS data in new ways
As seen in NCSC's 'Active Cyber Defence - The Third Year' report, 2019 saw significant progress behind the scenes in how the NCSC share and use PDNS data internally, meaning that this data can be employed in new ways to make observations at scale to provide enhanced security across the public sector.