Abstract: With the wide deployment of communication devices and the continuous development of information technologies, the cyber risk faced by the the new power system cannot be ignored. This paper proposes an emergency fault screening method considering cyber risks whose process is an attacker penetrating through a remote maintenance configuration interface provided by an equipment vendor and then sending commands to circuit breakers through intelligent electronic devices（IEDs） to cause multiple line trips. First, the generalized stochastic Petri net is adopted to model the dynamic process of the substation under cyber attack and calculate the steady-state probability of different abnormal states in the substation. Then, a definition of the risk to power systems from IED cyber attacks is given, and a two-layer mixed-integer nonlinear model is built to screen the substations, IEDs,and their controlled lines that are likely to be attacked. Finally, based on the dual theory and the combination of log-taking,piecewise linearization and other linearization methods, the two-layer model is transformed into a single-layer mixed-integer linear optimization model which can be directly solved by the commercial solver Gurobi. The case analysis results based on IEEE RTS 24-bus system and IEEE 118-bus system validate the effectiveness of the proposed method, and prove that the classical N-K and probabilistic N-K two-layer mixed-integer optimization models are not suitable for fault screening in IED cyber-attack scenarios.