On the 17th episode of Enterprise Software Defenders, host Evan Reiser (Abnormal Security) talks with Mark Ferguson, CISO at Bombardier. Bombardier is a Canadian multinational aircraft company best known for producing premium business jets. It has over 17,000 employees and over $8 billion in annual revenue. In this conversation, Mark shares his thoughts on Bombardier's impressive scale, the complexities of cybersecurity in the aviation industry, and the role of AI in enhancing security operations.
Mark begins by offering a glimpse into Bombardier's staggering scale and dominance in the business aviation industry. As Mark puts it, "We design, develop, build, and sell business aircraft, [as in] private jets. We compete mainly in medium- and large-sized markets, and we're predominantly number one and two in both markets." The company's extensive reach includes major production and engineering sites across Canada, the United States, and Europe, enabling Bombardier to maintain a significant global presence. This vast network ensures the company can effectively meet the diverse needs of its international clientele. Bombardier's operations are not only vast but also intricately complex. Manufacturing jets requires advanced technology and precise coordination across various functions. Managing a complex supply chain that sources high-quality components from a global network of suppliers is a significant challenge. As Mark explains, "We only make one product, but the whole process of how you design, build, and sell an aircraft brings complexity into it… We've got so many suppliers, particularly on the IT side from a cyber perspective, and I've got to rely on these suppliers to get everything right every single time. Layer on top that we're expanding and rapidly moving into the cloud and, again, depending on those suppliers to get it right every single time." The seamless integration of these vital elements is critical to Bombardier's continued success and leadership in the industry.
The complexities of cybersecurity in the aviation industry are profound, as aviation companies like Bombardier must maintain their products for decades, which means securing legacy IT systems alongside modern technologies. Mark explains, "We've got to be able to support a product for 25 years or greater, which means a lot of the IT systems that were part of that initial build have got to exist. So that brings with it a complexity that comes with many legacy systems that just makes securing these environments a lot harder." This creates a multifaceted cybersecurity environment where older systems, which might not have been designed with today's security threats in mind, need to be protected against contemporary cyber threats. Additionally, the critical nature of aviation safety and the high value of intellectual property in this industry make it a prime target for cyberattacks. Mark points out that the dependence on a vast network of suppliers further complicates the cybersecurity landscape, as each supplier must consistently be reliable and secure to protect the entire supply chain. As these challenges grow, integrating enterprise AI tools to enhance security operations is becoming increasingly vital for addressing these complex demands.
Today, the role of AI in Bombardier's operations is becoming more prominent and transformative. Mark highlights how the company uses AI to streamline data analysis and improve security responses: "We saw an anomaly in the environment, and one of the guys said, let's feed it into Copilot and let's see what it does. And I mean, it [the solution] came back within seconds." This capability is crucial in a complex environment where quick detection and response can prevent significant breaches. AI can also assist in predictive maintenance, ensuring that IT systems remain secure over their long lifespans. However, Mark also notes the dual-edged nature of AI, as cybercriminals can exploit these same technologies to enhance their attack strategies. "AI's enabling us to crunch through data a lot quicker...criminals are going to use that same capability." To counter the growing tools at the disposal of threat actors, Mark believes that adopting AI-driven solutions and collaborating with forward-thinking security vendors will allow Bombardier to effectively combat emerging threats and continue to enhance its overall cybersecurity posture.
At Bombardier, utilizing advanced AI technologies and a comprehensive understanding of the industry's complexities pave the way for more complete and efficient security operations. With AI enhancing data analysis and predictive maintenance, Bombardier is maintaining its market leadership and setting new standards in cybersecurity. The commitment to innovation and proactive threat management exemplifies how the aviation sector can navigate its unique challenges. By staying ahead of cybercriminals and leveraging cutting-edge technologies, Bombardier demonstrates that a secure and resilient future is possible for the aviation industry.