This paper presents a threat-lab environment for empirically evaluating cybersecurity risks in SMPTE ST 2110 and AMWA NMOS, based IP media workflows. A segmented testbed, comprising dedicated media, control, and management VLANs; a router VM; and Raspberry Pi nodes acting as sender, receivers, adversary, and monitors, enables controlled execution of representative attack scenarios. These include Layer-2 manipulation (ARP spoofing, MAC flooding), multicast/IGMP disruption (rogue querier, join/report floods), RTP spoofing and payload replacement, and NMOS control-plane interference. Synchronized multi-vantage PCAPs and logs provide temporally aligned measurements of RTP loss, jitter, skew, SSRC behavior, IGMP state transitions, and NMOS heartbeat stability. Across experiments, results consistently show that multicast media playout can appear visually stable even as control-plane signaling and timing degrade. Attacks such as ARP poisoning, IGMP floods, and NMOS HTTP saturation produced significant jitter excursions, registry instability, and forwarding anomalies, yet often with minimal immediate impact on perceived video quality. These findings highlight a critical gap between operational perception and underlying network health. The paper concludes by mapping observed failure modes to practical mitigations and emphasizing the need for robust telemetry and defense-in-depth designs as ST 2110 facilities scale.