The co-design problem is studied for a class of nonlinear CPS under cyber attack, physical component failure and limited communication resources by introducing DETCS. Firstly, in the circumstances of cyber attack and physical component failure, the defense idea of active fault-tolerant combine with passive attack-tolerant is developed, and on the basis, a nonlinear CPS security control model is established that integrates trigger condition, actuator fault and cyber attack. Secondly, based on time delay system theory, the design of robust attack-tolerant observer which can estimate the being attack state and fault in real time, as well as a method of co-compute between fault-tolerant, attack-tolerant controller, the event trigger matrix are obtained respectively. Thus, the goals of active fault-tolerant, passive attack-tolerant control and the method of saving cyber communication resource are given. Finally, a simulation example is given to verify the effectiveness and feasibility of the theoretical research.