Abstract. Smart grid security has many facets, ranging over a spectrum from resisting attacks aimed at supervisory and control systems, to end user privacy concerns while monitored by the utility enterprise. This multi-faceted problem also includes vulnerabilities that arise from deployment of local cyber-physical attacks at a smart metering location, with a potential to a) manipulate the measured energy consumption, and b) being massively deployed aiming at destabilisation. In this paper we study a smart metering device that uses a trusted platform for storage and communication of metering data, and show that despite the hard core security, there is still room for deployment of a second level of defence as an embedded real-time anomaly detector that can cover both the cyber and physical domains.