The control of large-scale distributed systems is a highly relevant but also very challenging task. Examples are energy networks (“smart grids”), traffic and logistic systems, production and manufacturing plants, buildings, water supply and purification systems etc., also including critical infrastructures which are essential for the functioning of our society. The respective control systems are preferably structured as a networked control system (NCS) where locally distributed control devices are interconnected using suitable communication systems to form the overall control system. Since many of the mentioned applications are also safety-critical systems, the design of NCS including safety requirements is very important. While in former times especially safety-critical control systems were mainly proprietary and isolated from access of a larger public, there is a recent trend to connect even those systems like plants or automobiles to “open” public networks. This causes a big security problem since unauthorized access (“cyber attacks”) is now also possible in control systems. Therefore, the design of secure and safe NCS is of high importance and also plays a very significant role in the control of large-scale critical infrastructures.However, the special characteristics of NCS require new security measures which are beyond those coming from conventional IT security for enterprise and desktop computing. So far, much work has been done to transfer those methods from conventional IT security to control systems, but the investigation of security issues in NCS from a control system’s perspective is only at the beginning. While research in computer science mainly considers the protection of information, the main focus of this project is to investigate how cyber attacks manipulate control algorithms and systems and finally also safety-critical physical processes. These considerations shall also take the special characteristics of NCS into account. One additional assumption for this project is that all mentioned IT security measures are necessary but might finally not completely prevent successful intrusion of malware in the control system. In addition, there is a strong need to combine all safety and security issues to an integrated approach.One existing possibility to increase safety is fault-tolerant control (FTC). In a model-based ap-proach, a dynamic model of the process under control is used to compare the real and the modeled behavior of the process. Hereby, differences allow to detect and isolate faults of components during runtime and the control algorithm is adapted to keep the controlled physical process in a desired state even if faults occur. This idea will now be transferred to security issues: in order to detect and identify cyber attacks on a NCS, models also including dynamic models of the physical process under control are applied. If an attack is detected and isolated, a control strategy should maintain the process in a desired safe state even under the attack (“attack-tolerant” control (ATC)). In order to combine security and safety aspects, both ideas of FTC and ATC are now combined to an integrated approach and adapted to the special characteristics of NCS. Therefore the following main research topics will be investigated: requirement and countermeasure analysis for security and fault-tolerance in NCS, detection and isolation of attacks and faults in NCS and design of cyber attack- and fault-tolerant NCS. Herein, especially distributed ATC/FTC approaches will be developed. Finally, the derived new solution will be applied and validated using two application examples: plant control and vehicular networks. Hereby simulations as well a laboratory experimental setups will be developed and evaluated. For the dissemination of the results, early discussions with industrial partners are planned.