In this paper, an enhancement for the attacktolerant scheme in the Networked Control System (NCS) is introduced. The objective is to be able to react to an attack such as the Stuxnet case where the controller is reprogrammed and hijacked. The advantage of this proposed approach is that there is no need for a priori mathematical model of the controller. In order to implement the proposed scheme, a specific detector for the controller hijacking attack is designed. The performance of this scheme is evaluated be connected the detector to NCS with basic security elements such as Data Encryption Standard (DES), Message Digest (MD5), and timestamp. The test results of the proposed method show that the hijacked controller can be significantly detected and recovered.