Cyber-Physical Systems (CPSs) are systems in which software and hardware entities monitor and manage physical devices using communication channels. They have become ubiquitous in many domains including health monitoring, smart vehicles and energy efficiency as in smart buildings and smart grid operations. The introduction of a digital control system and a communication channel, to exchange data with the physical system, increases the chance of vulnerabilities in the overall system. This paper presents the state-of-the-art of the security vulnerabilities of such systems as well as the possible methods to mitigate/reduce such threats. We will describe recent promising solutions to guarantee confidentiality and authentication of the transported data in building automation network domains, and present ideas to analyze and formally verify the control commands issued by the (possibly compromised) control network computers for execution on SCADA system actuators. The purpose of the latter approach is to prevent malicious parties from injecting malicious commands and potentially driving the underlying physical system into an unsafe state.