I. Introduction
Consider a linear time-invariant dynamical process \begin{equation*} \mathbf{x}[k+1]= \mathbf{Ax} [k], \tag{1} \end{equation*}
where is the discrete-time index, is the state vector and is the system matrix. A network of nodes monitor the state of this system. The -th node receives a measurement of the state, given by \begin{equation*}
\mathbf{y}_{i}[k]=\mathbf{C}_{i}\mathbf{x}[k], \tag{2}
\end{equation*}
where and . We define and . As a basic necessary condition for state estimation, we assume that the pair is detectable. However, for any given , the pair may not be detectable. In the classical distributed state estimation problem [1]–[5], the goal of each node is to track the state of the system based on its own measurement set, and the information received from its neighbors in . The presence of nodes that can act maliciously adds an extra layer of complexity to this otherwise well-explored problem. To solve the distributed state estimation problem in the presence of worst-case adversarial behavior, the authors in [6] developed an attack-resilient filtering algorithm and identified sufficient conditions on the system and network that guaranteed applicability of their approach. The analysis in [6] indicates the need for a certain degree of redundancy in both the measurement structure of the nodes, and the communication graph, so as to counter the effect of adversarial nodes. As an alternative to the conventional approach of increasing robustness through redundancy, the authors in [7] explored the concept of device hardening. Specifically, in the context of consensus dynamics, the authors established that even if a relatively small set of carefully chosen nodes, called trusted nodes, are made immune to attacks, then the overall network can still exhibit the same structural robustness as that of a highly connected, dense network.