The dynamics of change in security threats are the public concerns and the utilities aim to be the forefront in anticipating the imminent attacks. Typically, an organization has established their Information Technology (IT) business management and standards. However, complying North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards has always been a challenge as it requires an ongoing update of best practice for utility’s engineering workforce to understand residual cyber risks and potential impacts of a catastrophic incident. Cross-training cultivation among the two professional groups is becoming an important subject in compliance. The aim is to (i) establish ongoing cybersecurity training for cross-domain interdisciplinary knowledge of cyber-physical systems (CPS) security; (ii) understand cyber risks and potential impacts on the physical network with quantifiable metrics, which promote common language in communication between the IT specialists and control engineers in terms of compliance and effective implementation of security protection; and (iii) extract anomalous statistics that can be discerned as part of the mean-time-to-compromise (MTTC) determination.