In the nuclear industry, regulatory guidelines of cyber security have focused on managing auditory records and blocking physical access. Most of the research in the nuclear cyber security field also has proposed technology applications. However, the possibility of operator’s wrong actions caused by cyber-attack has not been considered yet. Although MCR (Main Control Room) operators should play critical roles in response to cyber-attack, the operator factor has been regarded as an unimportant factor. Operator’s roles and tasks are even not defined specifically during cyber attacks. In order to help operators to comprehend the cyber-attacked situation and to respond effectively, this study analyzes which information should be given to MCR operators and how the information should be provided. In addition, based on results of the analysis, basic design concepts of cyber-SA support system are suggested.