Canada’s Bill C-8 (the Critical Cyber Systems Protection Act, reintroduced June 2025 after Bill C-26 died on prorogation) passed the House of Commons in April 2026 and is now before the Senate. When it receives Royal Assent, designated operators in telecom, energy, pipelines, nuclear, transportation, and banking will face mandatory cybersecurity programs, 72-hour incident reporting, and supply chain risk mitigation requirements. Otorio Titan — now the on-premises OT/ICS layer of Armis Centrix — is purpose-built to address exactly these obligations: continuous asset visibility across converged IT/OT environments, risk-scored attack path mapping, and proactive vulnerability management tuned for industrial control systems. Many Canadian federal and provincial critical infrastructure operators — including DND/CAF facilities, nuclear operators, and interprovincial pipeline systems — require security tooling that functions in fully air-gapped or sequestered networks where cloud connectivity is not an option. Otorio Titan, now marketed as Armis Centrix for OT/IoT Security (On-Prem), was designed explicitly for this requirement. It delivers the same asset discovery, risk scoring, and threat detection capabilities as the cloud platform but in a self-contained on-premises deployment — including support for rugged, fly-away kit configurations for mobile or remote mission environments. ServiceNow completed its acquisition of Armis on April 20, 2026 for $7.75 billion. The deal integrates Armis Centrix — including the Otorio-powered OT/ICS on-premises capability — directly into ServiceNow’s Security and Risk workflows. For Canadian public sector customers already deploying ServiceNow for ITSM and GRC, this creates a unified asset visibility and cyber risk management path that extends from IT infrastructure into operational technology and cyber-physical systems, without requiring a separate platform procurement. Armis is a recognized Gartner Magic Quadrant Leader for CPS Protection Platforms (2025 and 2026). Otorio Titan implements risk scoring against the IEC 62443 industrial cybersecurity standard, the framework most widely referenced by Canadian critical infrastructure operators and federal procurement requirements for OT environments. The platform’s CSAV (Cyber Security Asset Vulnerability) framework extends risk assessment to legacy OT assets that have no published CVEs — a critical gap in conventional IT vulnerability scanners when applied to PLCs, SCADA systems, and industrial network components. This enables operators to demonstrate defensible, standards-aligned risk posture to regulators, auditors, and under the forthcoming CCSPA reporting obligations.