Control systems currently face disruption from cyber-attacks as well as physical interference. Resilience of a control system to random and physical failures is usually achieved by implementing redundancy in the system such that a failure of a single component does not compromise operation of the system. Typically, redundant components of the system are identical. In the case of random or physical failures, an assumption that only a subset of devices will be affected generally holds. When the system faces cyber-attacks from intelligent adversaries, however, identical redundancy may be insufficient to maintain trustworthy operation of the system since cyber-attacks can be launched against many systems simultaneously. Conventional approaches to maintaining resilience of control systems cannot fully protect potentially critical control systems from cyber-attacks.