A primary challenge to studying power system cybersecurity is understanding and validating attacks' cyber-physical causal chains. However, the electrical power grid is a critical infrastructure, and thus experimenting on the actual grid is rarely allowed. Aiming to address this challenge, this paper proposes a cyber-physical testbed design, consisting of three main components: energy management system, communications, and the physical power system simulator. The energy management system features real-time information processing. The communications are capable of emulating network delays and data transmission using industry standard protocols. Finally, the physical power grid is simulated in a cyber-physical synchronized environment. The performance of the testbed design's initial implementations is demonstrated with two attacks, False Data Injection and Denial-of-Service, on the IEEE-14 Bus system.