Modern Industrial Control Systems (ICS) constitute complex and heterogeneous ‘system of systems’ embracing the numerous advantages of traditional Information and Communication Technology (ICT). The pervasive integration of off-the-shelf ICT into the core of ICS broadened the palette of features and applications, but it also raised new design challenges and exposed ICS to a new breed of cyber-physical attacks. In addition, despite all the security solutions in place, unavoidably, these systems may be compromised. Therefore, survivability, that is, the ability to face malicious actions and faults, becomes a salient feature/requirement in the design of modern cyber-connected ICS. We present a comprehensive solution for ensuring the survival of ICS under malicious activities and faults. We design a Software Defined Networking (SDN) and Network Function Virtualization (NFV) based communication infrastructure particularly tailored to address the communication requirements of ICS. We develop an attack detection and localization algorithm for bidirectional ICS flows, and we design an optimal intervention strategy that embraces the communication and security requirements of industrial applications. Finally, we present intrinsic details on recreating a real-life and emulated test infrastructure. Experimental results demonstrate the solution’s applicability to networked robot control systems.

现代工业控制系统（ICS）构成了复杂的异构“系统系统”，具有传统信息和通信技术（ICT）的众多优势。现成的ICT已广泛集成到ICS的核心中，拓宽了功能和应用的范围，但同时也带来了新的设计挑战，并使ICS遭受了新型的网络物理攻击。此外，尽管已部署了所有安全解决方案，但仍不可避免地会破坏这些系统。因此，生存能力，即面对恶意行为和错误的能力，已成为现代网络连接ICS设计的重要特征/要求。我们提供了一个全面的解决方案，可确保ICS在恶意活动和故障下得以生存。我们设计了基于软件定义的网络（SDN）和网络功能虚拟化（NFV）的通信基础架构，这些通信基础架构专门针对ICS的通信需求而设计。我们针对双向ICS流开发了攻击检测和定位算法，并设计了一种涵盖工业应用的通信和安全要求的最佳干预策略。最后，我们介绍了有关重建真实生活和模拟测试基础结构的内在细节。实验结果证明了该解决方案在联网机器人控制系统中的适用性。我们设计了一种最佳的干预策略，该策略应包含工业应用的通信和安全要求。最后，我们介绍了有关重建真实生活和模拟测试基础结构的内在细节。实验结果证明了该解决方案在联网机器人控制系统中的适用性。我们设计了一种最佳的干预策略，该策略应包含工业应用的通信和安全要求。最后，我们介绍了有关重建真实生活和模拟测试基础结构的内在细节。实验结果证明了该解决方案对网络化机器人控制系统的适用性。