A cyber-physical system (CPS) is a tight coupling of computational resources, network communication, and physical processes. They are composed of a set of networked components, including sensors, actuators, control processing units, and communication agents that instrument the physical world to make "smarter." However, cyber components are also the source of new, unprecedented vulnerabilities to malicious attacks. In order to protect a CPS from attacks, three security levels of protection, detection, and identification are considered. In this chapter, we will discuss the identification level, i.e., secure state estimation and attack reconstruction of CPS with corrupted states and measurements. Considering different attack plans that may assault the states, sensors, or both of them, different online attack reconstruction approaches are discussed. Fixed-gain and adaptive-gain finite-time convergent observation algorithms, specifically sliding mode observers, are applied to online reconstruction of sensor and state attacks. Next, the corrupted measurements and states are to be cleaned up online in order to stop the attack propagation to the CPS via the control signal. The proposed methodologies are applied to an electric power network, whose states and sensors are under attack. Simulation results illustrate the efficacy of the proposed observers.Keywords: cyber-physical systems, sensor attack, state attack, sliding mode observers Recent real-world cyber-attacks, including multiple power blackouts in Brazil [3], and the Stuxnet attack [4] in 2010, showed the importance of providing security to CPSs. Identification and modeling process as [5,6] which are based on data can be seriously affected by corrupted data. As a result, information security techniques [7] may be not sufficient for protecting systems from sophisticated cyberattacks. It is suggested in [8] that information security mechanisms have to be complemented by specially designed resilient control systems. Controlling CPS with sensors and actuators, who are hijacked/corrupted remotely or physically by the attackers, is a challenge. The use of novel control/observation algorithms is proposed in this chapter for recovering CPS performance online if an attacker penetrates the information security mechanisms.Cyber security of CPS must provide three main security goals: availability, confidentiality, and integrity [7]. This means that the CPS is to be accessible and usable upon demand, the information has to be kept secret from unauthorized users, and the trustworthiness of data has to be guaranteed. Lack of availability, confidentiality, and integrity yields denial of service, disclosure, and deception, respectively. A specific kind of deception attack called a replay attack has been investigated when the system model is unknown to the attackers but they have access to the all sensors [9,10]. Replay attacks are carried out by "hijacking" the sensors, recording the readings for a certain time, and repeating such readings while injecting them together with an exo...