In the modernization of infrastructure systems such as energy, transportation, and healthcare systems, we are seeing the convergence of three research domains: Cyber-Physical Systems (CPS), Big Data, and the Internet of Things (IoT). Indeed, new CPS technologies are being deployed to create large sensor-actuator networks which produce massive quantities of data, often in real time, which is, in turn, being used to inform everyday decision-making of the entities that engage with these large-scale infrastructure systems. As a consequence, such systems are quickly evolving into societal-scale cyber-physical systems. The result of this increasing connectivity and interdependence is two-fold: more data is being collected, transmitted, and stored, and more actuation modalities are available, allowing new ways to influence the behavior of infrastructure systems. These new and pervasive sensing/actuation modalities present new opportunities for improving efficiency, yet they expose novel vulnerabilities. In energy CPS, for instance, smart metering technologies increase the availability of streaming data, thereby enabling monetization of energy savings. Such savings can be realized by employing novel machine learning algorithms to customize offerings to consumers. On the other hand, the availability of this fine-grained consumer/system data and the increased number of access points to the broader system expose new privacy and security risks. Hence, there is an inherent efficiency-vulnerability tradeoff. This tradeoff is becoming more pronounced due to greater dependence on CPS technologies and the push towards more human-centric operations, i.e. integration of human decision-making and preferences into the closed-loop behavior of the system. Beginning with the problem of modeling the non-cooperative agents that interact with these large-scale sociotechnical systems and thus compete over scarce resources, we analyze the outcome of their strategic interactions.
In particular, we create a characterization of Nash equilibria, termed differential Nash equilibria, in games on non-convex strategy spaces that is amenable to computation. We show that such non-degenerate differential Nash equilibria are structurally stable and generic, and thereby robust to small modeling errors and measurement noise. Introducing a planner tasked with coordinating these decision-makers, we leverage this characterization in the construction of a utility learning and incentive design algorithm. We provide convergence results in both the case where agents play according to Nash and where they play using a myopic update rule. Narrowing our focus to the demand side of the smart grid, we consider that the planner will capitalize on new sensing/actuation modalities in the design of incentives, thereby exposing the efficiency-vulnerability tradeoff. We consider privacy risks introduced by smart metering technologies that produce streaming energy consumption data. We propose a solution that combines economic and statistical tools, i.e. privacy-aware service contracts in which service is differentiated according to privacy and consumers select based on their needs and wallet. We argue that the power company has an incentive to invest in security or purchase insurance because of inefficiencies that arise due to information asymmetries, and we design insurance contracts accordingly. We provide a number of qualitative insights that have the potential to be useful for informing policy and regulations in the energy ecosystem. Finally, we conclude with an overview of the contributions and a discussion of future research directions. The contributions are the first steps towards an emerging systems theory of societal-scale cyber-physical systems in which there are many tightly coupled human-CPS decision-making loops and socioeconomic factors intricately woven into the fabric.