Security is one of the biggest concern in power system operation. Recently, the emerging cyber security threats to operational functions of power systems arouse high public attention, and cybersecurity vulnerability thus become an emerging topic to evaluate compromised operational performance under cyber attack. In this paper, vulnerability of cyber security of load frequency control (LFC) system, which is the key component in energy manage system (EMS), is assessed by exploiting the system response to attacks on LFC variables/parameters. Two types of attacks: 1) injection attack and 2) scale attack are considered for evaluation. Two evaluation criteria reflecting the damage on system stability and power generation are used to quantify system loss under cyber attacks. Through a sensitivity-based method and attack tree models, the vulnerability of different LFC components is ranked. In addition, a post-intrusion cyber attack detection scheme is proposed. Classification-based schemes using typical classification algorithms are studied and compared to identify different attack scenarios.