Computer Science · 12th Grade · Network Architecture and Cryptography · Weeks 28-36

Emerging Threats and Future of Cybersecurity

Students research and discuss emerging cybersecurity threats, such as quantum computing attacks and AI-powered malware.

Common Core State StandardsCSTA: 3B-NI-04CSTA: 3B-IC-27

About This Topic

Cybersecurity is not a static field, and the threats of the next decade will look substantially different from those of the past. Two of the most significant emerging challenges for 12th graders to understand are quantum computing's threat to current cryptographic standards and the rise of AI-powered offensive tools. Most current public-key cryptography, including RSA and elliptic curve algorithms, relies on the computational difficulty of factoring large numbers or solving discrete logarithm problems. Quantum computers running Shor's algorithm can solve these problems exponentially faster, potentially rendering encrypted data captured today vulnerable to decryption once sufficiently powerful quantum hardware exists, a threat sometimes called 'harvest now, decrypt later.'

Meanwhile, AI is lowering the barrier for sophisticated cyberattacks. Large language models can generate convincing phishing emails personalized at scale, and AI-powered tools can identify software vulnerabilities and generate exploits faster than human researchers can patch them. Students should understand that this is a symmetrical development: defenders can also use AI for threat detection, log analysis, and automated response, creating a technological arms race with no clear endpoint.

Post-quantum cryptography is an active area of standardization: NIST finalized its first post-quantum cryptographic standards in 2024. Active learning helps students grapple with the genuine uncertainty in this field, developing the analytical habits needed to evaluate emerging threats throughout their careers.

Key Questions

  1. Predict how quantum computing could impact current cryptographic standards.
  2. Analyze the challenges of defending against AI-powered cyberattacks.
  3. Hypothesize future trends in cybersecurity and propose proactive defense strategies.

Learning Objectives

  • Critique the vulnerabilities of current public-key cryptography algorithms to quantum computing attacks.
  • Analyze the ethical implications and technical challenges of using AI for both offensive and defensive cybersecurity operations.
  • Synthesize research on emerging cybersecurity threats to propose proactive defense strategies for organizations.
  • Compare and contrast the capabilities of classical computers versus quantum computers in relation to cryptographic breaking.
  • Evaluate the effectiveness of NIST's post-quantum cryptographic standards in mitigating future threats.

Before You Start

Introduction to Cryptography

Why: Students need a foundational understanding of encryption, decryption, and common cryptographic algorithms to grasp how quantum computing impacts them.

Basic Principles of Artificial Intelligence

Why: Understanding basic AI concepts is necessary to comprehend how AI can be applied to create advanced cyber threats and defenses.

Network Security Fundamentals

Why: Knowledge of network vulnerabilities and common attack vectors provides context for understanding new and emerging threats.

Key Vocabulary

Quantum ComputingA type of computation that harnesses quantum-mechanical phenomena, such as superposition and entanglement, to perform calculations. It poses a significant threat to current encryption methods.
Shor's AlgorithmA quantum algorithm that can efficiently factor large numbers, which is the mathematical basis for the security of many widely used public-key cryptosystems like RSA.
Harvest Now, Decrypt LaterA cybersecurity threat where encrypted data is stolen today, with the expectation that it can be decrypted in the future once sufficiently powerful quantum computers are available.
AI-Powered MalwareMalicious software that uses artificial intelligence techniques to adapt, evade detection, and carry out sophisticated attacks, often with increased personalization and efficiency.
Post-Quantum Cryptography (PQC)Cryptographic algorithms designed to be resistant to attacks from both classical and quantum computers, developed to replace current vulnerable cryptographic standards.

Watch Out for These Misconceptions

Common MisconceptionQuantum computers will break all encryption immediately once they become powerful enough.

What to Teach Instead

Quantum computers threaten specific mathematical problems underlying certain algorithms, primarily public-key cryptography. Symmetric encryption like AES requires much larger key sizes to be affected, and hash functions are largely resistant. Post-quantum cryptographic algorithms are being standardized now specifically to address the vulnerable algorithms. The futures wheel activity helps students distinguish between immediate and longer-term risks.

Common MisconceptionAI-powered cyberattacks are science fiction.

What to Teach Instead

AI-generated phishing emails, automated vulnerability scanning, and AI-assisted malware are already documented in real incidents. LLMs lower the skill floor for social engineering attacks dramatically. The offense-versus-defense debate grounds this in documented cases rather than speculation.

Common MisconceptionPost-quantum cryptography is not yet relevant because quantum computers are not powerful enough yet.

What to Teach Instead

The 'harvest now, decrypt later' strategy means adversaries can collect today's encrypted traffic and decrypt it in the future once quantum hardware matures. Organizations handling sensitive long-term data need to begin transitioning now. NIST published its first post-quantum standards in 2024, signaling that the migration window is open.

Active Learning Ideas

See all activities

Futures Wheel: Quantum Computing and Encryption

Start with the central prompt: 'Quantum computers can break RSA encryption.' In concentric rings, student groups map first-order consequences (encrypted government data is vulnerable), second-order consequences (secure communications collapse), and third-order consequences (financial systems destabilized). Groups share their wheels and the class identifies which consequences are most certain, most speculative, and most urgent to address now.

45 min·Small Groups

Formal Debate: AI in Cyber -- Offense vs. Defense

Divide the class into offense and defense teams. Offense teams research how AI is being used to automate phishing, generate malware, and probe for vulnerabilities. Defense teams research AI-based intrusion detection, log analysis, and automated patching. Both teams present, then the class votes on whether AI is currently a net benefit or net harm to cybersecurity, with justification.

50 min·Whole Class

Research Presentation: Post-Quantum Cryptography Standards

Assign pairs one of the NIST post-quantum finalists (CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+). Each pair researches the basic principle their algorithm uses, why it resists quantum attacks, and what the migration challenge would look like for a major website. Pairs present a three-minute summary, and the class discusses the timeline and coordination required for a global cryptographic transition.

40 min·Pairs

Real-World Connections

  • Government agencies like the NSA are actively researching and developing quantum-resistant encryption to protect national security data from future decryption threats.
  • Financial institutions, such as major banks, are investing in PQC research to secure sensitive customer transaction data against 'harvest now, decrypt later' attacks.
  • Cybersecurity firms are developing AI-driven threat detection systems that can identify and respond to novel malware variants and sophisticated phishing campaigns orchestrated by AI.

Assessment Ideas

Discussion Prompt

Pose the following to students: 'Imagine you are a cybersecurity advisor for a national government. Given the threat of quantum computing, what are the top three immediate actions you would recommend to protect critical infrastructure and sensitive data, and why?'

Quick Check

Present students with two hypothetical cybersecurity scenarios: one involving a phishing attack enhanced by AI, and another involving a data breach exploiting a vulnerability to quantum decryption. Ask students to identify the primary threat in each scenario and briefly explain the underlying technology.

Exit Ticket

Ask students to write one sentence explaining the 'harvest now, decrypt later' threat and one sentence describing how AI can be used by attackers. Collect these to gauge understanding of core emerging threats.

Frequently Asked Questions

How could quantum computers break modern encryption?
Quantum computers running Shor's algorithm can efficiently solve the mathematical problems that underpin RSA and elliptic-curve cryptography, factoring large numbers and computing discrete logarithms. These operations are currently infeasible for classical computers but become tractable for quantum systems with enough stable qubits, potentially allowing decryption of traffic protected by today's standards.
What is post-quantum cryptography?
Post-quantum cryptography refers to cryptographic algorithms designed to resist attacks from both classical and quantum computers. In 2024, NIST finalized its first post-quantum standards, including CRYSTALS-Kyber for key exchange and CRYSTALS-Dilithium for digital signatures. These algorithms are based on mathematical problems believed to be hard even for quantum computers.
How are attackers already using AI in cyberattacks?
Attackers use large language models to generate highly personalized phishing emails at scale, dramatically increasing click rates compared to generic messages. AI tools also automate vulnerability scanning and can generate proof-of-concept exploits faster than human researchers. Deepfake voice and video have been used in business email compromise scams to impersonate executives.
How does active learning help students analyze emerging cybersecurity threats?
Emerging threats involve genuine uncertainty, which makes active learning especially well suited. Futures wheel activities help students reason about cascading consequences without a fixed answer key. Structured debates require students to evaluate real evidence rather than accept assertions, building the critical evaluation skills they will need to assess new threats throughout careers that will span multiple technology generations.

More in Network Architecture and Cryptography

Network Fundamentals: OSI and TCP/IP Models

Students learn about the layered architecture of networks using the OSI and TCP/IP models, understanding how data flows.

2 methodologies

Internet Protocols: TCP/IP, DNS, HTTP

Students study TCP/IP, DNS, and HTTP in detail, simulating how packets move across a distributed network.

2 methodologies

Routing and Switching

Students explore how routers and switches direct network traffic, understanding concepts like IP addressing and subnetting.

2 methodologies

Wireless Networks and Mobile Computing

Students investigate the principles of wireless communication, Wi-Fi security, and the challenges of mobile computing.

2 methodologies

Common Cybersecurity Threats and Attack Vectors

Students analyze common attack vectors like SQL injection, man-in-the-middle, and social engineering.

2 methodologies

Defensive Strategies and Security Best Practices

Students design defensive strategies for software applications and learn about security best practices for users and organizations.

2 methodologies