As digital systems are being more widely employed in nuclear power plants, the potential for serious consequences caused by cyber-attacks on the plants has drawn increasing attention to cyber-security issues in the nuclear industry. Current practices focus on strategies for preventing cyber-attacks, while little research has been done on how to respond to cyber-attacks when they are detected. In this paper, we propose a game theoretic approach for responding to cyber-attacks on nuclear power plants. The interaction between the defender and the attacker is modeled as a two-player, nonzero-sum, stochastic game, which generalizes both Markov decision processes (MDP) and repeated games. We propose an approach for identifying system states and state transitions, and apply probabilistic risk assessment to obtain credible transition probabilities between system states under the action pair of defender and attacker. The Nash Equilibrium of the game provides the valid prediction of both players’ actions because no single player can benefit from unilaterally deviating from the equilibrium policy if the other player adheres to his/hers, hence it provides the best response of the defender to cyber-attacks. Dynamic programming represents the long-term cumulative utility in a recursive form and we form an equivalent nonlinear program to derive the equilibrium. As a case study, the proposed approach is applied to a simplified benchmark digital feedwater control system. The modeling of the system is presented, and discussions on both the equilibrium policy and state values obtained are provided.