With the rapid advancement and integration of communication and sensor technologies, power system operation is becoming more vulnerable to cyberattacks, particularly attacks in which malicious data could induce catastrophic consequences on market operations. Financial risks, as well as the potential physical damages, raise growing concerns about the reliable operation of the electricity market. Existing market-targeting cybersecurity research has focused on developing attack strategies or detection schemes. However, the lack of cyber-vulnerability analysis (CVA) hinders operators from systematically evaluating the real-time (RT) market-clearing model and identifying potential threats from a cybersecurity perspective. This article proposes a comprehensive CVA model for delivering a detailed analysis of four aspects of vulnerability: highly probable cyberattack targets, devastating attack targets, risky load levels, and mitigation ability under different degrees of defense. Users can simulate interactions between attackers and defending operators under different attack events, and the corresponding market settlements are also obtained. The proposed bilevel model is recast into mixed-integer linear programming through Karush–Kuhn–Tucker (KKT) conditions. A simulation study on an IEEE-30 bus system demonstrates the accuracy and effectiveness of the proposed CVA model.

中文翻译：

---

电力市场实时运行的网络漏洞分析

随着通信和传感器技术的快速进步和集成，电力系统运行变得越来越容易受到网络攻击，尤其是恶意数据可能对市场运行造成灾难性后果的攻击。金融风险以及潜在的物理损害越来越引起人们对电力市场可靠运行的担忧。现有的针对市场的网络安全研究侧重于开发攻击策略或检测方案。然而，缺乏网络漏洞分析 (CVA) 阻碍了运营商系统地评估实时 (RT) 市场清算模型并从网络安全角度识别潜在威胁。本文提出了一个全面的 CVA 模型，用于对漏洞的四个方面进行详细分析：高概率网络攻击目标、破坏性攻击目标、风险负载水平、不同防御程度下的缓解能力。用户可以模拟攻击者和防御者在不同攻击事件下的交互，也可以获得相应的市场结算。建议的双层模型通过 Karush-Kuhn-Tucker (KKT) 条件重铸为混合整数线性规划。对 IEEE-30 总线系统的仿真研究证明了所提出的 CVA 模型的准确性和有效性。建议的双层模型通过 Karush-Kuhn-Tucker (KKT) 条件重铸为混合整数线性规划。对 IEEE-30 总线系统的仿真研究证明了所提出的 CVA 模型的准确性和有效性。通过 Karush-Kuhn-Tucker (KKT) 条件将所提出的双层模型重铸为混合整数线性规划。对 IEEE-30 总线系统的仿真研究证明了所提出的 CVA 模型的准确性和有效性。