[摘要] This paper provides an approach for developing potential attacks on I and C systems of NPPs and assessing their consequences. An important concept is that the NPPs were not designed to cope with Stuxnet-type of attacks (and any other cyber attacks). That is, the plants were only designed for design basis accidents. The safety margins and redundancies built in the design are all based on design basis accidents. They may be helpful in mitigating cyberattacks, but may not be adequate.