Cognitive cyber physical systems (CCPSs) are integrated closed-loop solutions with cyber and physical components that are empowered with cognitive properties. The security of these highly capable CCPSs is a critical issue that needs to be addressed collaboratively with the quality of service constraints and the associated transmission costs. In this article, we highlight the properties of CCPSs, address possible security threats, and provide prominent physical layer security (PLS) solutions. Then we introduce the utility concept as a metric to aid the decision among numerous transmission policies that include combinations of PLS techniques. The PLS framework selects the appropriate transmission policy by maximizing the associated utility while taking user requirements into account. The proposed framework has a flexible, risk-aware control structure. Its real-time applicability is demonstrated with a software-defined-radio-based measurement campaign, along with simulation results.