Governance & Risk Management,
Operational Technology (OT),
Video
NAV Canada CISO Tom Bornais Discusses the Importance of Maintaining IT and OT Operations
As cyber threats evolve in sophistication, ensuring the security of vital infrastructure such as aviation systems necessitates proactive and resilient defense strategies. Ahead of the upcoming OTsec Canada Summit scheduled for November 4-5, 2025, Tom Bornais, CISO at NAV Canada, shared insights on how his team prioritizes readiness and rapid response to keep operational technologies functioning effectively.
Bornais emphasized that protecting critical aviation infrastructure parallels other operational technology sectors, highlighting that achieving complete air-gapping of systems is often impractical. He stated that a collaborative approach across different departments, alongside alignment with executive leadership, is essential for securing these systems.
“We’re never going to achieve 100% security,” Bornais noted. “It’s about maintaining proper hygiene, understanding our systems, and developing a robust response mechanism to mitigate any impacts.” He underscored the importance of simulation exercises, which not only enhance coordination but also foster trust between operational and security teams.
Additionally, Bornais pointed out that vendors and supply chains represent a significant attack vector. “We’re developing procedural safeguards and conducting due diligence to reinforce our defenses,” he added. This proactive approach is crucial for safeguarding against potential risks associated with third-party relations.
In a recent interview with Information Security Media Group, Bornais delved into several key topics, including the idea that resilience, rather than perfection, should inform cybersecurity strategies. He also discussed the vital role of tabletop exercises in strengthening security operations and how effective vendor oversight can bolster protective measures for infrastructure.
In his role as CISO, Bornais oversees cybersecurity initiatives and risk management at NAV Canada, a privately operated, nonprofit entity responsible for the nation’s civil air navigation system. He has been with the organization since 2002.
For those interested in further exploring these topics, attendance at OTsec Canada presents a unique opportunity. This event is set to bring together over 100 senior cybersecurity leaders, offering a platform for collaboration and knowledge sharing aimed at enhancing the cyber resilience of Canada’s critical infrastructure and manufacturing sectors.
