Rethinking Spatio-Temporal Anomaly Detection: A Vision for Causality-Driven Cybersecurity

Date: 2025-07-10
AI Summary
Increasing interconnectivity and spatial distribution in cyber-physical systems (CPS) pose critical resilience and security challenges; existing black-box, deep learning-based spatiotemporal anomaly detection methods suffer from poor interpretability, limited adaptability to distributional shifts, and insufficient robustness to dynamic system evolution. Method: This paper proposes a novel, causality-centered detection paradigm integrating three core techniques: causal graph modeling, multi-view causal fusion, and continual causal learning. It constructs evolvable, structured causal models via causal discovery and inference, and synergistically combines generative AI with multimodal signal processing for root-cause tracing and early warning. Contribution/Results: Evaluated on a real-world water treatment system, the method significantly improves detection accuracy and generalization against dynamic attacks and distributional shifts. It establishes a new paradigm for interpretable, adaptive CPS security assurance.

๐Ÿ“ Abstract
As cyber-physical systems grow increasingly interconnected and spatially distributed, ensuring their resilience against evolving cyberattacks has become a critical priority. Spatio-Temporal Anomaly detection plays an important role in ensuring system security and operational integrity. However, current data-driven approaches, largely driven by black-box deep learning, face challenges in interpretability, adaptability to distribution shifts, and robustness under evolving system dynamics. In this paper, we advocate for a causal learning perspective to advance anomaly detection in spatially distributed infrastructures that grounds detection in structural cause-effect relationships. We identify and formalize three key directions: causal graph profiling, multi-view fusion, and continual causal graph learning, each offering distinct advantages in uncovering dynamic cause-effect structures across time and space. Drawing on real-world insights from systems such as water treatment infrastructures, we illustrate how causal models provide early warning signals and root cause attribution, addressing the limitations of black-box detectors. Looking ahead, we outline the future research agenda centered on multi-modality, generative AI-driven, and scalable adaptive causal frameworks. Our objective is to lay a new research trajectory toward scalable, adaptive, explainable, and spatially grounded anomaly detection systems. We hope to inspire a paradigm shift in cybersecurity research, promoting causality-driven approaches to address evolving threats in interconnected infrastructures.

Problem

Research questions and friction points this paper is trying to address.

Enhancing interpretability in spatio-temporal anomaly detection
Improving robustness against evolving cyberattack dynamics
Developing causality-driven models for root cause attribution

Innovation

Methods, ideas, or system contributions that make the work stand out.

Causal graph profiling for anomaly detection
Multi-view fusion to enhance detection accuracy
Continual causal graph learning for adaptability