In recent years, the concern over cyber security of power grids has increased significantly due to the fast growing connectivity among power system facilities. Several cyber security measures, e.g., intrusion detection systems (IDSs) and anomaly detection systems (ADSs), have been proposed to (1) mitigate unauthorized access, (2) detect anomalies, and (3) block abnormal behaviors in the communication system of substations. However, due to the lack of capability to handle coordinated cyber attacks by existing cyber security solutions, there is a need for effective methods that can detect coordinated cyber attacks. This paper proposes a new method to detect coordinated cyber attacks on power systems by identifying the relations among detected events. Examples of the relations include (1) IDS alarms, (2) geographic location of the attack, (3) criticality of substations, (4) firewall logs, and (5) attack patterns. Time Failure Propagation Graph (TFPG) and Fuzzy Cognitive Map (FCM) are used for the detection algorithms. A cyber-physical security testbed has been used to simulate the coordinated cyber attacks and validate the methods of the proposed coordinated cyber attack detection system (CCADS).