This document discusses cyber threats and security approaches for cyber-physical systems (CPS). It first reviews studies on CPS security modeling and data management. It then discusses three main approaches for modeling and optimizing secure CPS: model-based design, platform-based design, and contract-based design. Next, it covers four methods for CPS risk assessment: expert elicitation models, attack graphs, game theory, and Petri nets. It concludes by discussing reachability analysis, controller synthesis, and vulnerability analysis techniques for verifying CPS models and properties.