The research presented in this paper offers a way of supporting the security currently in place in critical infrastructures by using behavioural observation and big data analysis techniques to add to the Defence in Depth (DiD). As this work demonstrates, applying behavioural observation to critical infrastructure protection has effective results. Our design for Behavioural Observation for Critical Infrastructure Security Support (BOCISS) processes simulated critical infrastructure data to detect anomalies which constitute threats to the system. This is achieved using feature extraction and data classification. The data is generated by a nuclear power plant simulation developed using Siemens Tecnomatix Plant Simulator and the programming language SimTalk. Using this simulation, extensive realistic data sets are constructed and collected, both when the system is functioning as normal and during a cyber-attack scenario. The big data analysis techniques, classification results and an assessment of the outcomes are presented.