More then 20 years the Institute of Control Sciences (ICS) carries out work on the design of I&C systems of hazardous industrial plants such as the nuclear power plants (NPP). Recent decade the development of the system of upper block level for advanced NPPs: Busher NPP (Islamic Republic of Iran) and Kudankilam NPP (Republic of India), gave a further impetus to our studies on provision of the modern security on NPP. In evolving threat landscape we have to pay strong attention on the cyber (information) security at all stages of the O&C system life cycle. Effective measures of the cybersecurity of NPP I&C are to be based on an effective set of security policies, where a security policies is often existed in a form an non-formalized description presented in a natural language. The security polices defines an expectations and requirements to control the cybersecurity beyond the system. Our experience shows The existence of the security policies does not guarantee real quality the information protection of I&C, even under the condition of its full and accurate implementation [1]. Factors of the vulnerability are: non-formal definition of the security policies itself enabling various interpretation of guidelines of the policies, its considerable complexity for I&C, involving a large amount of assets and relationships between them. The last may lead to availability of internal contradictions or incompleteness of the security policies which was not verified during the manual assessment of the cybersecurity policy. So, for correct implementation of the security policies, one should transfer its description in the form of formal (analytical) security model, admitting its mathematical verification. In this case, formal models of the I&C enable one, due to more compact description, to reveal requirements to the security and assessing the important characteristics of environment at the level of detail needed for understanding of the security context. But we met with the obstacle that no suitable tool for I&C cybersecurity simulation using the formal security model really available for I&C specialists. We are found really very few tools as NetAPT [www.perform.illinois.edu], Microsoft Thread Security[www.microsoft.com], Threat modeler [http://myappsecurity.com] but they have limitations in how the model can describe I&C system architecture and possible way of the right transfer in a model. We started open, free project OMOLE on a top of WWW based service (omole.ws) helps to identify potential security breaks in a I&C system. The technique lays underground the service is extended take-grant security model [2]. The formal technique used to provoke thoughts about the way how the rights and information may be passed along the systems assets under given operation conditions The rights may not initially exist during the sequence of elementary transformation of the initial security model. The rights may be acquired through authorized or unauthorized procedure. The security model ∑(G*, OP) are presented as directed security graph G = (A, R ), where: G* set of all possible state of the system; OP ={Create, Remove, Find, Post, Pass, Spy, Find} - set of elementary transitional rules. A = O ∪ S - assets, where O - objects, S - subjects; R = {Read+, Write+, Take, Grant, Read, Write} - access rights. Engineering's insight and system knowledge about the analyzed system is required when formal security model for system to be built. As security model is constructed the basic security knowledge to understand the results of simulation. The c OMOLE simulation tool provides way to: • Summarizes the system architecture and components, and its overall level of security; • Recommends safeguards, and describes the expected level of risk that would remain if these safeguards were put in place; • Shows where an organization needs to concentrate its remedial work; • Finds paths how information and authority can be transferred between assets of the protection graph; • Automatically finds the zones in a protection graph agree with given right; • Automatically build the hierarchy of the assets in the system agree with given right. References: Requirements to formal security models for NPP I&C Promyslov Vitaly, International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange IAEA Headquarters Vienna, Austria 1–5 June 2015 Bell, David Elliott and LaPadula, Leonard J. Secure Computer Systems: Mathematical Foundations. MITRE Technical Report 2547, Volume I, 1 March 1973