The consequences of a cyber-attack on a commercial nuclear power plant are very real. Examples of what can happen are visible with the disasters at the US’s Three Mile Island, Russia’s Chernobyl disaster, and Japan’s Fukushima Daiichi nuclear plant. Although none of the disasters was the result of a cyber-attack, they all provide an example of the potential results of such an attack. Although no known successful cyber-attacks have been successful, two examples of unintentional but similar occurrences highlight the potential for such an attack. Exporting the HMI (Human-Machine Interface) screen is a form of spoofing that allows the hacker to access the input/output device that provides the control panel for the computer system. Plant engineers working at the Browns Ferry Nuclear Plant in Athens, Alabama, intentionally accomplished this form of spoofing, although not intending to hack the system. The exported HMI screen allowed the Reactor Recirculation pump vendor technician to control the reactor recirculation pumps through control of the variable frequency drive (VFD) that controls the pumps speed. Ultimately, the technician gained control of reactor power, something only a United States Nuclear Regulatory Control (NRC) licensed individual is authorized to do. Data storming is a term similar to denial of service attacks, but instead of originating externally to the computer system, it is derived from within the system. Many digital control systems function using a variety of operating systems and, therefore, communicate differently. In such systems, a translator converts all such communications into one that is common to the primary computer. Again, the Browns Ferry Nuclear Plant pumps suffered such a data storm causing them to trip and then causing the reactor to trip. However, the engineers realized that a data storm could have a more adverse effect on the nuclear plant, for example, by causing the pumps to operate in such a way as to exceed reactor thermal limits, causing a meltdown. In addition to the inadvertent cyber configuration control issues occurring at Browns Ferry Nuclear Plant, at least one “worm” infection has occurred at a US nuclear plant. In January 2003, The Davis-Besse nuclear plant was infected by this worm, which caused increased data traffic in the site’s network, resulting in the plant’s Safety Parameter Display System (SPDS) and plant process computer being unavailable for several hours. The investigation determined that this was a failure by a contractor to clear his computer of malware and was not a malicious cyber-attack. In addition, plant personnel were not aware of a patch that could have protected the network.