The fifth pillar of STEM: Why ‘security’ must be taught alongside science

For decades, educators have encouraged young people to pursue STEM — science, technology, engineering, and mathematics — as the pathway to innovation and progress. It is a framework that has powered discovery, fuelled economic growth, and equipped nations to compete in a knowledge-based world. Yet today, as technology becomes inseparable from daily life, a new reality has emerged: innovation without security is fragility in disguise.

We are living in a century defined as much by cyber risks as by digital opportunity. Every new app, connected device, or artificial-intelligence model expands the surface of vulnerability. In this context, STEM education as we know it is incomplete. To prepare the next generation for leadership in a digital economy, we must introduce a fifth pillar, which is security.

Innovation and exposure grow together

The pace of innovation has outstripped the pace of protection. Students now learn to code before they learn to question how that code can be exploited. Universities teach data analytics, but not always data ethics. We celebrate breakthroughs in robotics and AI, while under-investing in lessons about bias, privacy, and accountability.

The consequences are visible everywhere. Ransomware cripples hospitals; data leaks undermine trust; misinformation erodes democracy. These are not purely technical failures. They are educational ones. If security thinking is not embedded early, we end up producing technologists who can build systems, but not safeguard them.

For years, cybersecurity has been treated as an add-on discipline, something handled by specialists once a product or policy already exists. But resilience cannot be retrofitted. Just as mathematics underpins engineering, security must underpin every aspect of digital learning.

Introducing cybersecurity fundamentals at school and university levels is not about teaching everyone to become an ethical hacker. It is about cultivating secure mindsets; awareness of risk, respect for privacy, and responsibility for digital behaviour. A young engineer who understands how systems can fail will build stronger ones. A communications student who recognises data manipulation can counter misinformation. A policymaker trained in cyber risk will design better digital governance.

The case for a fifth pillar

Adding security to STEM is about protecting trust, the invisible currency of the digital age. Without trust, no amount of technology can sustain progress.

In Sri Lanka, this transformation is urgent. As we digitalise public services, expand online education, and promote tech entrepreneurship, the demand for secure thinking will multiply. Yet the country’s education framework still treats cybersecurity as a niche skill, rather than a foundational literacy.

The world’s leading economies are already adapting. The United Kingdom’s “Cyber First” programme integrates security awareness from secondary school onwards. Singapore’s Digital Defence curriculum teaches students to recognise phishing, disinformation, and online grooming as part of national resilience. Sri Lanka should not wait for crises to compel reform.

Security education must extend beyond the technical. We need what I call “Cyber Civics”, a blend of digital ethics, rights, and responsibility. In the same way that civics teaches citizenship in society, cyber civics teaches citizenship in cyberspace.

This means helping students understand not only how systems work, but how their actions online affect others. It includes privacy, consent, intellectual property, and the moral use of AI. When young people grasp that their digital choices carry real-world consequences, we begin to build what I describe as the human firewall, a culture where awareness itself becomes defence.

Partnerships for a secure future

No single institution can accomplish this alone. The public sector, academia, and private technology companies must collaborate to mainstream cybersecurity education. Platforms that host millions of users, like TikTok, have shown the potential for technology to deliver credible educational content through initiatives like a dedicated STEM Feed . The next step must be integrating safety literacy into such learning spaces, ensuring that curiosity is guided by caution.

At the same time, tertiary institutions and professional bodies must embed cybersecurity and digital ethics modules into every STEM programme. Employers, too, should reward graduates who demonstrate not only technical skill but responsible digital citizenship.

Cybersecurity is often discussed as a technical policy challenge. In truth, it is a human development challenge. A country’s resilience will depend less on its firewalls and more on its awareness. The workforce of the future, from engineers, data scientists to entrepreneurs, must be fluent in both creation and protection.

Sri Lanka has the talent and infrastructure to lead South Asia in this direction. Our youth are digitally engaged and globally connected. By reframing security as a shared learning goal rather than a specialist pursuit, we can equip them not just to use technology, but to govern it wisely.

In conclusion

The time has come to evolve from STEM to STEMS — Science, Technology, Engineering, Mathematics, and Security. Every classroom that teaches a child to code must also teach them to protect. Every innovation initiative must include a lesson on risk.

Security should not be something we remember after a breach. It should be something we teach before a breakthrough. If we want a digital Sri Lanka that is innovative, inclusive, and trusted, then we must start by building not only smart minds, but secure ones.

(The writer is a renowned cybersecurity and AI policy leader in Sri Lanka)