On Large Language Models in Mission-Critical IT Governance: Are We Ready Yet?

TL;DR

This paper examines the readiness of large language models for mission-critical IT governance, highlighting challenges, practitioner insights, and the need for interdisciplinary collaboration and regulation to ensure safe deployment.

Contribution

It provides empirical insights into practitioners' views on integrating generative AI into mission-critical system governance and offers recommendations for stakeholders.

Findings

Practitioners emphasize data protection and transparency.

Researchers should develop regulation-oriented, accountable models.

Policymakers need to establish a unified AI governance framework.

Abstract

Context. The security of critical infrastructure has been a pressing concern since the advent of computers and has become even more critical in today's era of cyber warfare. Protecting mission-critical systems (MCSs), essential for national security, requires swift and robust governance, yet recent events reveal the increasing difficulty of meeting these challenges. Aim. Building on prior research showcasing the potential of Generative AI (GAI), such as Large Language Models, in enhancing risk analysis, we aim to explore practitioners' views on integrating GAI into the governance of IT MCSs. Our goal is to provide actionable insights and recommendations for stakeholders, including researchers, practitioners, and policymakers. Method. We designed a survey to collect practical experiences, concerns, and expectations of practitioners who develop and implement security solutions in the context of MCSs. Conclusions and Future Works. Our findings highlight that the safe use of LLMs in MCS governance requires interdisciplinary collaboration. Researchers should focus on designing regulation-oriented models and focus on accountability; practitioners emphasize data protection and transparency, while policymakers must establish a unified AI framework with global benchmarks to ensure ethical and secure LLMs-based MCS governance.