Evolving cyber-attack threats put at risk automatic closed-loop systems to be incorporated in the smart grid. Wide-area control systems are particularly vulnerable to signal spoofing attacks due to sensor remoteness and dependence on satellite communication for time synchronization. A successful cyber-attack on a wide-area controller has the potential to reduce relative stability of the power system or worse, destabilize it. As such, detection algorithms must be deployed as defense against such attacks with the ability to autonomously correct for detected tampering or misoperation. The Spoof Catch and Restore Routine (SCR2), a combination of three real-time spoof detectors, each requiring limited information about the plant, is presented. Nonlinear simulations of a compromised wide-area control system deployed in the Western Interconnection show the effectiveness of SCR2 in detecting both delay-type and counterfeit-type spoofing attacks on wide-area sensors.