The article presents an approach to classification that will help to identify specific areas of possible cyberattacks and significantly narrow the range of targets vulnerable to attackers. Criteria are considered that allow one to classify cyber-physical systems (attack targets) that are part of nuclear facilities. It is proposed to enter into the basis of the classification such concepts as an object, an attacking and attacking action. The novelty in this work lies in the development of a classification that can be used most effectively to assess the vulnerabilities of systems of critical infrastructure facilities.