We introduce a model for the operational costs of an electric distribution utility. The model focuses on two of the new services that are enabled by the Advanced Metering Infrastructure (AMI): (1) the fine-grained anomaly detection that is possible thanks to the frequent smart meter sampling rates (e.g., 15 minute sampling intervals of some smart meter deployments versus monthly-readings from old meters), and (2) the ability to shape the load thanks to advanced demand-response mechanisms that leverage AMI networks, such as direct-load control. We then study two security problems in this context. (1) In the first part of the paper we formulate the problem of electricity theft detection (one of the use-cases of anomaly detection) as a game between the electric utility and the electricity thief. The goal of the electricity thief is to steal a predefined amount of electricity while minimizing the likelihood of being detected, while the electric utility wants to maximize the probability of detection and the degree of operational cost it will incur for managing this anomaly detection mechanism. (2) In the second part of the paper we formulate the problem of privacy-preserving demand response as a control theory problem, and show how to select the maximum sampling interval for smart meters in order to protect the privacy of consumers while maintaining the desired load shaping properties of demand-response programs.