Abstract:Withthewidedeploymentofcommunicationdevicesandthecontinuousdevelopmentofinformationtechnologies,the cyberriskfacedbythethenew powersystem cannotbeignored.Thispaperproposesanemergencyfaultscreeningmethod consideringcyberriskswhoseprocessisanattackerpenetratingthrougharemotemaintenanceconfigurationinterfaceprovidedby anequipmentvendorandthensendingcommandstocircuitbreakersthroughintelligentelectronicdevices(IEDs)tocausemultiple line trips. First, the generalized stochastic Petri net is adopted to model the dynamic process of the substation under cyber attack andcalculatethesteady-stateprobabilityofdifferentabnormalstatesinthesubstation.Then,adefinitionoftherisktopower systemsfromIEDcyberattacksisgiven,andatwo-layermixed-integernonlinearmodelisbuilttoscreenthesubstations,IEDs, and their controlled lines that are likely to be attacked. Finally, based on the dual theory and the combination of log-taking, piecewiselinearizationandotherlinearizationmethods,thetwo-layermodelistransformedintoasingle-layermixed-integerlinear optimizationmodelwhichcanbedirectlysolvedbythecommercialsolverGurobi.ThecaseanalysisresultsbasedonIEEERTS 24-bus system and IEEE 118-bus system validate the effectiveness of the proposed method, and prove that the classical N-K and probabilisticN-Ktwo-layermixed-integeroptimizationmodelsarenotsuitableforfaultscreeninginIEDcyber-attackscenarios. This work is supported by NationalNaturalScience Foundation ofChina (No.U1966207). Keywords:substationcyberattack;faultscreening;riskassessment;two-layermixed-integeroptimization;generalizedstochastic Petrinet