Distributed detection of covert attacks for linear large-scale interconnected systems is addressed in this paper. Existing results consider the problem in centralized settings. This work focuses on large-scale systems subject to bounded process and measurement disturbances, where a single subsystem is under a covert attack. A detection methodology is proposed, where each subsystem can detect the presence of covert attacks in neighboring subsystems in a distributed manner. The detection strategy is based on the design of two model-based observers for each subsystem using only local information. An extensive detectability analysis is provided and simulation results on a power network benchmark are given, showing the effectiveness of the proposed methodology for the detection of covert cyberattacks. I. INTRODUCTION C RITICAL infrastructures such as, for example, electric power systems, water distribution networks, telecommunication networks, transportation systems, and industrial processes are nowadays large-scale systems that are interconnected not only on the physical layer but through a communication infrastructure thus increasing the vulnerability to external cyber-attacks. Security concerns related to these systems include both physical security and cyber-security, as well as combined cyber-physical threats. Indeed, in recent years, the security challenge has become a vital technological issue, especially after the occurrence of incidents involving industrial plants and critical infrastructures (see [1], [2]). Due to the complexity of these systems and the computational and communication constraints, the development of distributed methodologies for monitoring and detection of malicious cyber-attacks has become a necessity. Recently developed comprehensive techniques for distributed fault diagnosis (see, for instance the recent works [3], [4] and the references cited therein) may not be fully effective in detecting