A tri-level framework for flexibility-enabled resilience enhancement of cyber-physical power systems with high renewable energy penetration under coordinated attacks

The increasing intelligence and interconnection of power systems have heightened their vulnerability to coordinated cyber-physical attacks (CPAs), especially under high renewable energy penetration. Although prior tri-level studies have introduced inner-level binary indicators for fault propagation, they seldom model the deep peak-shaving states of thermal power units (TPUs), which limits system flexibility under CPAs. To cope with this, a tri-level robust optimization framework is developed to enhance the resilience of cyber-physical power systems against CPAs. In the pre-event stage, the defender optimizes the proactive hardening of critical components and the configuration of energy storage systems in a collaborative manner. In the in-event stage, cyber intrusion and cyber-induced fault propagation models are incorporated with consideration of renewable energy uncertainty to characterize system operational disruptions. In the post-event stage, system resilience is enhanced by deploying repair crews to restore compromised transmission lines and protection relays. The defender aims not only to minimize unserved energy, but also to reduce the maintenance costs of TPUs and renewable energy curtailment, thus providing a more comprehensive resilience enhancement mechanism than prior studies. The resulting problem is a tri-level mixed-integer program, driven by inner-level binary variables for energy storage charging/discharging and TPU deep peak-shaving states. Simulations based on the IEEE test cases demonstrate that the proposed method significantly improves system resilience against coordinated CPAs by integrating defense resources, flexible dispatch resources, and repair crews, thus establishing a unified resilience enhancement mechanism that extends the formulation of existing tri-level models.