By Durgesh Kalya · OT Network Security & Site Cybersecurity Officer · Author, Incident Management for Industrial Control Systems
Every few months I carve out time to read the big reports. Not to build a presentation slide. Not to impress anyone in a meeting. Just because I genuinely want to know what is going on out there.
That is how this white paper started. A few reports landed in quick succession this spring and I kept seeing the same patterns show up in industries that had nothing obvious in common. So I did what I usually do. I opened a blank document and started connecting the dots.
The paper looks at three sectors: Critical Manufacturing, Transportation and Maritime, and Motion Picture and Television Production. If you are wondering why those three, here is the honest answer. They are close to my world. I work in chemicals and have spent years in OT and ICS environments. I have done MTSA compliance work on the maritime side and found myself following the entertainment industry’s content security story because of how fast TPN grew into a serious industry program. These are not random picks. They are sectors I have been watching for a while, and this spring felt like the right moment to put the comparison on paper.
The thing that struck me most was not the differences between these industries. It was how similar the failures were. Policies in place. Execution missing. That showed up everywhere.
TPN STAR Report — April 2026
First industry study to analyze large scale assessment data across the global content supply chain. The finding that stopped me: in Q1 2026 alone, TPN issued more Security Alerts than in all of 2025. Credential attacks, misconfigurations, unpatched systems. The same weaknesses, over and over.
Dragos 2026 OT/ICS Year in Review
119 ransomware groups. 3,300 industrial organizations hit. Manufacturing took more than two thirds of the impact. Average dwell time: 42 days. But organizations with real OT visibility contained incidents in five. That gap is not a technology problem. It is a discipline problem.
USCG CTIME 2024 Report
Supply chain risks in ship to shore cranes. Cloud misconfigurations. Expanded connectivity aboard vessels creating exposure operators had not fully mapped yet. Maritime is not a slow moving sector anymore when it comes to cyber risk.
NIST CSF 2.0 and the Manufacturing Profile (Draft)
NIST released CSF 2.0 in February 2024 and followed it with a Manufacturing Profile draft in September 2025. A Govern function, supply chain risk management built in, and sector specific guidance for OT environments. The framework is finally catching up to how industrial organizations actually operate.
GAO-25-107244 — Coast Guard Maritime Cybersecurity
The U.S. Maritime Transportation System supports more than $5.4 trillion in annual economic activity. The GAO found that China, Iran, North Korea, Russia, and transnational criminal organizations are the greatest cyber threats to it. That is not background noise. That is the threat environment maritime operators are working in right now.
What the paper argues is pretty simple. Cybersecurity has to stop being the function that shows up at the end of a project to say no. It should be built into the architecture from the beginning. Into the engineering workflow. Into the daily rhythm of how operations run. That is what secure by design actually means and it applies whether you are running a chemical plant, a container terminal, or a production studio in Los Angeles.
I also tied it back to my book on incident management for industrial control systems, because the principles hold across every one of these environments. A structured, practiced response capability is not an IT concept. It is an operational one. And right now, with AI accelerating attack timelines on both sides, it matters more than ever.
The white paper is a good ten to fifteen minute read. If you work in any of these sectors or just want to see how the comparison holds together, I am happy to share it. Drop a comment or reach out directly.
Research is how I stay current. These reports are the pulse of the industry and if you are not reading them, you are working off last year’s picture.
How to find this whitepaper?
Checkout the link below:
(PDF) Cybersecurity for Tomorrow
Full Download available on my LinkedIn: