Future power grids will be required to operate safely and reliably against cyber-physical attacks. The large dimensionality and the difficulty in calibrating dynamical network models precludes the use of centralized attack detection algorithms. This paper proposes a unified modeling framework and an advanced detection procedure whose implementation requires only local network knowledge. We model a power network as a linear time-invariant descriptor system and cyber-physical attacks as unknown inputs. This modeling framework captures, for instance, network components malfunction and measurements corruption. In our detection method the power network is partitioned among geographically deployed control centers, possibly located at transmission substations. Each control center has knowledge of only its respective subarea dynamics, is able to acquire information from neighboring areas, and is capable of performing basic computations. Under these minimal technological requirements and a reasonable observability assumption, we design an entirely distributed detection filter which requires only local network knowledge and yet achieves guaranteed global performance. Our detection filter is based on a sparse residual filter in descriptor form, which can be stabilized via decentralized output injection and implemented distributively via waveform relaxation.