Towards Formalising Sustainable Security
Cyber-physical systems (CPS), such as smart buildings, smart cities, and industrial control systems, are increasingly managed by software. As the cyber and physical spaces that make up a software system's operating environment become more intertwined, the attack surface of these systems grows and they are increasingly targeted by attackers. Given the critical applications of CPS, adversaries can disrupt the functionality of critical infrastructure and may even cause loss of human life. CPS should therefore be designed to adapt their security controls dynamically, in order to continuously protect valuable assets from harm and to satisfy security goals at runtime (during execution). However, research in the adaptive security domain has rarely focused on mitigating unexpected security threats at runtime. Changing security controls can affect the satisfaction of a CPS's safety-critical properties and can lead stakeholders (e.g., users and engineers) to lose trust in the system. This is all the more detrimental because stakeholders may need to actively monitor data, support decision making, and/or execute security controls in order to avoid violations of security requirements.

The objective of this talk is to propose the notion of sustainable security systems. Such systems will be capable of detecting new or changing threats and of identifying effective security controls dynamically. They will also sustain the engagement of stakeholders in their operation and use. This talk will explore existing key research approaches that have been proposed to:

• Formalise adaptive security (cyber-physical) systems and detect/mitigate unexpected security threats at runtime
• Support runtime verification of large-scale (cyber-physical) systems
• Assure and explain adaptive security systems

The keynote will highlight research gaps and challenges towards formalising sustainable security systems and will outline a research agenda to tackle these challenges.