Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

On Large Language Models in Mission-Critical IT Governance: Are We Ready Yet?

Matteo Esposito, Francesco Palagiano, Valentina Lenarduzzi, Davide Taibi

TL;DR

The paper investigates the readiness of integrating large language models into mission-critical IT governance (GMCS) by surveying practitioners in European public administration and defense contexts. Using a mixed-methods survey, it examines familiarity with LLMs, envisioned roles, impact on existing GMCS frameworks, and policy needs. Findings indicate enthusiastic potential for efficiency and real-time risk analysis but highlight critical concerns around data privacy, regulatory compliance, context understanding, and the need for transparency and accountability. The authors advocate interdisciplinary collaboration to develop regulation-oriented models, data-protection practices, and a unified global AI framework to ensure safe, ethical LLM-enabled GMCS.

Abstract

Context. The security of critical infrastructure has been a pressing concern since the advent of computers and has become even more critical in today's era of cyber warfare. Protecting mission-critical systems (MCSs), essential for national security, requires swift and robust governance, yet recent events reveal the increasing difficulty of meeting these challenges. Aim. Building on prior research showcasing the potential of Generative AI (GAI), such as Large Language Models, in enhancing risk analysis, we aim to explore practitioners' views on integrating GAI into the governance of IT MCSs. Our goal is to provide actionable insights and recommendations for stakeholders, including researchers, practitioners, and policymakers. Method. We designed a survey to collect practical experiences, concerns, and expectations of practitioners who develop and implement security solutions in the context of MCSs. Conclusions and Future Works. Our findings highlight that the safe use of LLMs in MCS governance requires interdisciplinary collaboration. Researchers should focus on designing regulation-oriented models and focus on accountability; practitioners emphasize data protection and transparency, while policymakers must establish a unified AI framework with global benchmarks to ensure ethical and secure LLMs-based MCS governance.

On Large Language Models in Mission-Critical IT Governance: Are We Ready Yet?

TL;DR

The paper investigates the readiness of integrating large language models into mission-critical IT governance (GMCS) by surveying practitioners in European public administration and defense contexts. Using a mixed-methods survey, it examines familiarity with LLMs, envisioned roles, impact on existing GMCS frameworks, and policy needs. Findings indicate enthusiastic potential for efficiency and real-time risk analysis but highlight critical concerns around data privacy, regulatory compliance, context understanding, and the need for transparency and accountability. The authors advocate interdisciplinary collaboration to develop regulation-oriented models, data-protection practices, and a unified global AI framework to ensure safe, ethical LLM-enabled GMCS.

Abstract

Context. The security of critical infrastructure has been a pressing concern since the advent of computers and has become even more critical in today's era of cyber warfare. Protecting mission-critical systems (MCSs), essential for national security, requires swift and robust governance, yet recent events reveal the increasing difficulty of meeting these challenges. Aim. Building on prior research showcasing the potential of Generative AI (GAI), such as Large Language Models, in enhancing risk analysis, we aim to explore practitioners' views on integrating GAI into the governance of IT MCSs. Our goal is to provide actionable insights and recommendations for stakeholders, including researchers, practitioners, and policymakers. Method. We designed a survey to collect practical experiences, concerns, and expectations of practitioners who develop and implement security solutions in the context of MCSs. Conclusions and Future Works. Our findings highlight that the safe use of LLMs in MCS governance requires interdisciplinary collaboration. Researchers should focus on designing regulation-oriented models and focus on accountability; practitioners emphasize data protection and transparency, while policymakers must establish a unified AI framework with global benchmarks to ensure ethical and secure LLMs-based MCS governance.

Paper Structure

This paper contains 17 sections, 7 tables.

Table of Contents

  1. Introduction
  2. Study Design
  3. Goal and Research Questions
  4. Study Context
  5. Population
  6. Questionnaire
  7. Data Analysis
  8. Results
  9. Demographic
  10. Familiarity and experience with LLMs (RQ$_1$)
  11. Future Roles, Perceived Benefits and Limitations (RQ$_2$)
  12. Impact on current GMCS frameworks (RQ$_3$)
  13. Role of policy in LLM's safe and ethical use (RQ$_4$)
  14. Discussions
  15. Threats to Validity
  16. ...and 2 more sections