This paper presents new results on the applications of reachability methods and computational tools to a two-area power system in the case of a cyber attack. In the VIKING research project a novel concept to assess the vulnerabilities introduced by the interaction between the IT infrastructure and power systems is proposed. Here we develop a new framework and define a systematic methodology, based on reachability, for identifying the impact that an intrusion might have in the Automatic Generation Control loop, which regulates the frequency and the power exchange between the controlled areas. The numerical results reveal the weaknesses of the system and indicate possible policies that an attacker could use to disturb it.