The present invention provides a method and system for generating a network attack graph. The method includes: generating a plurality of subtasks according to a subnet reachable relationship of a power information network; allocating the plurality of subtasks to multiple processors for processing, and generating a plurality of sub attack graphs; according to the plurality of sub attack graphs, theinitial authority of an actual attacker, and the authority of the actual attacker obtained during an attack process, determining tenable authority premise attack paths in the sub attack graphs; and constituting the network attack graph by all attack paths. Compared with the prior art, the method can express all reachable network states and their corresponding attack paths, decomposes an attack graph generation process into the plurality of subtasks by distributed processing technology, improves attack graph generation efficiency, reduces attack graph redundancy information, reduces system resource consumption when the attack graph is generated, and can be used for evaluating the overall security of a large-scale complex network system.