Unlike general purpose systems, distributed and embedded control systems, such as power grid control systems and water treatment systems, etc., generally have a 24x7 availability requirement. Hence, upgrading or adding new cyber protection features into these systems in order to sustain them when faults caused by cyber attacks occur, is often difficult to achieve and inhibits the evolution of these systems into a cyber environment. In this paper, we present a solution for extending the capabilities of existing systems while simultaneously maintaining the stability of the current systems. An externalized survivability management scheme based on the observe-reason-modify paradigm is applied, which decomposes the cyber attack protection process into three orthogonal subtasks: observation, evaluation and protection. This architecture provides greater flexibility and has an evolvability attribute - it can utilize emerging techniques; yet requires either minimal modifications or even no modifications whatsoever to the controlled infrastructures. The approach itself is general and can be applied to a broad class of observable systems.