The adoption of artificial intelligence (AI) to critical IT infrastructure offers substantial opportunities for efficiency, resiliency and automation, but also means that you face complex and significant security, governance and operational risks. Traditional project-based implementation approaches are often inadequate for dealing with the long-term, cross-functional and high-risk nature of AI systems in safety-critical and mission-critical environments. This article investigates strategic program management models as an enabling frame for secure and sustainable adoption of Artificial Intelligence (AI) in critical IT infrastructure. It examines the shortcomings associated with ad hoc and siloed AI deployment strategies and makes the case for program level governance structures with integrated security, compliance, risk, and lifecycle oversight. The paper investigates established program management models such as governance-driven, capability based, and hybrid adaptive and assesses their appropriateness for AI initiatives that work in the face of stringent regulatory and cybersecurity constraints. Key enablers such as stakeholder alignment, security-by-design, continuous risk assessment and organizational maturity are discussed in the context of critical infrastructure requirements. The article further suggests a structured program management approach that will bring the AI innovation together with security assurance, regulatory compliance, and operation resilience. By synthesizing the insights from program management theory, cybersecurity governance and from artificial intelligence lifecycle management, this study provides organizations with both a practical framework and strategic foundation to responsibly deploy AI in critical IT environments.

Artificial Intelligence Governance, Program Management, Critical IT Infrastructure, Cybersecurity Strategy, Secure AI Adoption

Barbashina (Vorobieva), K. (2023). National Cybersecurity Strategy 2023. Russia and America in the 21st Century, (S3), 0. https://doi.org/10.18254/s207054760029045-6

Chinnappaiyan, B. (2025). Navigating AI Security Challenges across Industries: Best Practices for Secure Adoption of Generative and Agentic AI Systems. Journal of Computer Science and Technology Studies, 7(6). Retrieved from https://creativecommons.org/licenses/by/4.0/

Djenna, A., Harous, S., & Saidouni, D. E. (2021). Internet of things meet internet of threats: New concern cyber security issues of critical cyber infrastructure. Applied Sciences (Switzerland), 11(10). https://doi.org/10.3390/app11104580

Govea, J., Gaibor-Naranjo, W., & Villegas-Ch, W. (2024). Transforming Cybersecurity into Critical Energy Infrastructure: A Study on the Effectiveness of Artificial Intelligence. Systems, 12(5). https://doi.org/10.3390/systems12050165

Kshetri, N. (2024, April 1). Economics of Artificial Intelligence Governance. Computer. IEEE Computer Society. https://doi.org/10.1109/MC.2024.3357951

Lycett, M., Rassau, A., & Danson, J. (2004). Programme management: A critical review. International Journal of Project Management, 22(4), 289–299. https://doi.org/10.1016/j.ijproman.2003.06.001

Monteiro, N., & Singh, V. (2025, December 1). The wheel of artificial intelligence governance. Sustainable Futures. Elsevier Ltd. https://doi.org/10.1016/j.sftr.2025.101279

Newswire, P. R. (2024). Building AI Security Confidence: SANS Unveils Toolkit to Guide Secure AI Adoption. PR Newswire US. Y. Retrieved from https://search.ebscohost.com/login.aspx?direct=true&AuthType=ip,shib,uid&db=bwh&AN=202410010900PR.NEWS.USPR.UN19710&site=ehost-live&scope=site

Papagiannidis, E., Mikalef, P., & Conboy, K. (2025, June 1). Responsible artificial intelligence governance: A review and research framework. Journal of Strategic Information Systems. Elsevier B.V. https://doi.org/10.1016/j.jsis.2024.101885

Pellegrinelli, S., Partington, D., Hemingway, C., Mohdzain, Z., & Shah, M. (2007). The importance of context in programme management: An empirical review of programme practices. International Journal of Project Management, 25(1), 41–55. https://doi.org/10.1016/j.ijproman.2006.06.002

Schneider, J., Abraham, R., Meske, C., & Vom Brocke, J. (2023). Artificial Intelligence Governance For Businesses. Information Systems Management, 40(3), 229–249. https://doi.org/10.1080/10580530.2022.2085825

Tridgell, J. (2025). Open or closing doors? The influence of ‘digital sovereignty’ in the EU’s Cybersecurity Strategy on cybersecurity of open-source software. Computer Law and Security Review, 56. https://doi.org/10.1016/j.clsr.2024.106078

Trzeciak, M., Kopec, T. P., & Kwilinski, A. (2022). Constructs of Project Programme Management Supporting Open Innovation at the Strategic Level of the Organisation. Journal of Open Innovation: Technology, Market, and Complexity, 8(1). https://doi.org/10.3390/joitmc8010058

van Steen, T. (2025, March 1). Developing a behavioural cybersecurity strategy: A five-step approach for organisations. Computer Standards and Interfaces. Elsevier B.V. https://doi.org/10.1016/j.csi.2024.103939

Wu, X., Klein, G., & Jiang, J. J. (2023). On the Road to Digital Transformation: A Literature Review of IT Program Management. Project Management Journal, 54(4), 409–427. https://doi.org/10.1177/87569728231166846

Yigit, Y., Ferrag, M. A., Ghanem, M. C., Sarker, I. H., Maglaras, L. A., Chrysoulas, C., … Janicke, H. (2025). Generative AI and LLMs for Critical Infrastructure Protection: Evaluation Benchmarks, Agentic AI, Challenges, and Opportunities. Sensors, 25(6). https://doi.org/10.3390/s25061666