There have been more than 500 actual control system cyber incidents globally in multiple industries. The International Atomic Energy Agency (IAEA) has tasked me to select 3 of the more than 30 nuclear-plant cyber incidents and identify what really happened, what controls were violated, and what policies and guidelines would be needed to prevent or mitigate the incidents. The selected incidents were not identified as cyber, had significant impact on plant operations, and were not network-based but affected the control systems.