Abstract Modern Industrial Control Systems (ICS) constitute complex and heterogeneous ‘system of systems’ embracing the numerous advantages of traditional Information and Communication Technology (ICT). The pervasive integration of off-the-shelf ICT into the core of ICS broadened the palette of features and applications, but it also raised new design challenges and exposed ICS to a new breed of cyber-physical attacks. In addition, despite all the security solutions in place, unavoidably, these systems may be compromised. Therefore, survivability, that is, the ability to face malicious actions and faults, becomes a salient feature/requirement in the design of modern cyber-connected ICS. We present a comprehensive solution for ensuring the survival of ICS under malicious activities and faults. We design a Software Defined Networking (SDN) and Network Function Virtualization (NFV) based communication infrastructure particularly tailored to address the communication requirements of ICS. We develop an attack detection and localization algorithm for bidirectional ICS flows, and we design an optimal intervention strategy that embraces the communication and security requirements of industrial applications. Finally, we present intrinsic details on recreating a real-life and emulated test infrastructure. Experimental results demonstrate the solution’s applicability to networked robot control systems.