Attack Detection and Identification in Cyber-Physical Systems


Fabio Pasqualetti, Florian Dörfler, and Francesco Bullo
This paper presents a mathematical framework for cyber-physical systems, attacks, and monitors. It characterizes fundamental monitoring limitations from system-theoretic and graph-theoretic perspectives, designs centralized and distributed attack detection and identification monitors, and validates its findings through examples.

Cyber-physical systems integrate physical processes, computational resources, and communication capabilities. They are vulnerable to attacks on their physical infrastructure and on their data management layers. Existing work on fault detection and isolation in control systems is insufficient for cyber-physical systems, which have unique vulnerabilities.

The paper proposes a unified modeling framework for cyber-physical systems and attacks. The framework includes the deterministic static detection problem and various attack types: deception, denial of service, stealth, false-data injection, replay, and covert attacks. It shows that a class of monitors cannot detect certain attacks if the attackers' signals excite only zero dynamics of the system. It provides a graph-theoretic characterization of undetectable attacks and designs centralized and distributed monitors that can detect and identify all detectable and identifiable attacks. The examples illustrate the potential impact of the theoretical findings and show the advantages of dynamic monitors over static ones.

The paper concludes that the existence of undetectable attacks is equivalent to the existence of invariant zeros in the system, and that the structural left-invertibility of a system is equivalent to the existence of a linking of size |U| from U to Y.

The paper also discusses the design of centralized and distributed attack detection filters, showing that they can detect attacks if the system is detectable and the initial state is known. The distributed detection filter is developed by exploiting the sparsity of the filter matrices. The paper concludes that the proposed methods are effective in the presence of system noise, nonlinearities, and modeling uncertainties.
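The linking criterion summarized above can be checked directly on a system's structure graph. The following is an added example, not code from the paper: it counts vertex-disjoint paths from the attack inputs U to the outputs Y with a unit-capacity max-flow. The graph, the vertex names and the function names are constructed for illustration.

```python
from collections import defaultdict, deque

def max_linking(edges, inputs, outputs):
    """Largest number of vertex-disjoint directed paths from inputs to outputs."""
    cap = defaultdict(int)   # residual capacities of the split-vertex flow network
    adj = defaultdict(set)

    def arc(a, b):
        cap[(a, b)] += 1
        adj[a].add(b)
        adj[b].add(a)        # reverse direction, usable only via residual capacity

    vertices = set(inputs) | set(outputs) | {v for e in edges for v in e}
    for v in vertices:
        arc((v, "in"), (v, "out"))   # capacity 1: a vertex lies on at most one path
    for a, b in edges:
        arc((a, "out"), (b, "in"))
    for u in set(inputs):
        arc("S", (u, "in"))
    for y in set(outputs):
        arc((y, "out"), "T")

    size = 0
    while True:
        parent = {"S": None}          # BFS for an augmenting path S -> T
        queue = deque(["S"])
        while queue and "T" not in parent:
            a = queue.popleft()
            for b in adj[a]:
                if b not in parent and cap[(a, b)] > 0:
                    parent[b] = a
                    queue.append(b)
        if "T" not in parent:
            return size
        b = "T"
        while parent[b] is not None:  # push one unit of flow along the path
            a = parent[b]
            cap[(a, b)] -= 1
            cap[(b, a)] += 1
            b = a
        size += 1

def structurally_left_invertible(edges, inputs, outputs):
    """Criterion stated on the page: a linking of size |U| from U to Y exists."""
    return max_linking(edges, inputs, outputs) == len(set(inputs))

# Constructed structure graph: attack inputs u1, u2; states x1..x3; sensors y1, y2.
U, Y = ["u1", "u2"], ["y1", "y2"]
EDGES = [("u1", "x1"), ("u2", "x2"), ("x1", "x3"), ("x2", "x3"),
         ("x3", "y1"), ("x3", "y2")]   # every input-output path crosses x3
EDGES_EXTRA_SENSOR = EDGES + [("x2", "y2")]   # y2 now also measures x2 directly
```

On `EDGES` the largest linking has size 1, which is smaller than |U| = 2, so the criterion fails. With the extra sensor edge in `EDGES_EXTRA_SENSOR` a linking of size 2 exists.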