In an NPP cyberattack situation, not only safety response actions but also security response actions must be taken. However, operators unfamiliar with the cyber security may have difficulties in planning response actions. In this study, a security state-based cyberattack response planning method is developed using the Markov decision process model. Based on the temporal response margin analysis, available response actions are modeled as actions that can increase the available response time or decrease the response time required to secure plant safety. The response reward of an action is quantified as an increase in the response margin time. By modifying the existing action-value function and adopting the Monte-Carlo tree search algorithm, the developed method can help to establish optimal response plans that can maximize the response margin time and minimize the time required for securing plant safety. A case study validated the developed method using a hardware in the loop system. (c) 2021 Elsevier Ltd. All rights reserved.