The next few decades will see pervasive autonomous control systems become critical to the world economy---from autonomous cars and aircraft to smart homes, smart cities, and vast energy, communication, and financial networks controlled at multiple scales. Protecting these systems from malicious attacks is a matter of urgent societal interest. The study of secure control has made important advances over the past few years, but these constitute not solutions so much as problem framing and an emerging consensus that traditional fault detection and mitigation fails when confronted with a deliberate attacker: outlaws are different from outliers; fraud is different from faults. Moreover, the vast majority of this early literature focuses only on cyber attacks---infiltration of the communications networks over which sensor measurements y and control commands u are conveyed.