Distributed intelligence and secure interconnected communication networks constitute recognized key factors for the economic operation of electricity infrastructures in competitive power markets. Hence, electric power utilities need to extend risk management frameworks with adequate tools for assessing consequences of ICT (Information and Communication Technologies) threats on their critical business. This requires realistic probability estimates to cyber threat occurrences and consequent failure modes. Due to data sensitivity and rapid discovery of new vulnerability exploits, historical data series of ICT failures affecting power control infrastructures are not sufficient for a timely risk treatment. Such lack of data can partially be overcome by setting up testbeds to run controlled experiments and collect otherwise unavailable data related to cyber misbehaviours in power system operation. Within the project CRUTIAL (CRitical UTility InfrastructurAL resilience) two testbed platforms have been set up for experimentally evaluating malicious threats on macro and micro grid control scenarios. Results from experimental campaigns are analyzed in the paper by means of an evaluation framework.