Cyber-Physical Systems (CPS) are yielding novel problems and solutions for security researchers. CPSs connect computerized controllers and human supervisors with physical systems used in the energy, transportation, water, manufacturing, and other sectors. Recent attacks against CPS have prompted unprecedented investigation into new threats and mitigations against CPSs. There are motivating examples of real-world control system attacks such as the Maroochy Shire water system attack, the Lodz Poland train derailment, and the Stuxnet virus. In each of these attacks, the adversary capabilities and objectives, vulnerabilities, attack methods, and final outcomes differ significantly. However, despite the increased interest in CPS security problems, the security community faces significant learning curves in addressing them. Modern CPSs are founded on control theory, real-time systems, and obscure, often ad-hoc programming practices. Furthermore, the traditional definitions of security are often in conflict with the goals and operational constraints of CPSs. A security measure that blocks a system operator from executing a critical action could cause as much or more damage than an actual attack. We discuss the most basic and widely deployed application of CPS, control systems, and the emerging problems in their security.