Grid-interactive efficient buildings (GEBs) are not only exposed to passive threats (e.g., physical faults) but also active threats such as cyber-attacks launched on the network-based control systems. The impact of cyber-attacks on GEB operation are not yet fully understood, especially as regards the performance of grid services. To quantify the consequences of cyber-attacks on GEBs, this paper proposes a modeling and simulation framework that includes different cyber-attack models and key performance indexes to quantify the performance of GEB operation under cyber-attacks. The framework is numerically demonstrated to model and evaluate cyber-attacks such as data intrusion attacks and Denial-of-Service attacks on a typical medium-sized office building that uses the BACnet/IP protocol for communication networks. Simulation results show that, while different types of attacks could compromise the building systems to different extents, attacks via the remote control of a chiller yield the most significant consequences on a building system’s operation, including both the building service and the grid service. It is also noted that a cyber-attack impacts the building systems during the attack period as well as the post-attack period, which suggests that both periods should be considered to fully evaluate the consequences of a cyber-attack.