The exponential growth of the Internet of Things in recent years has created an ever larger cyber attack surface, introducing new security vulnerabilities for all computerized systems. Among the most significant of those systems are industrial control systems (ICS) consisting of many cyber physical components, and smart grids are a prominent example of ICS, whose failures have potential to cause major disruptions in all aspects of our daily lives. In this paper, we provide an overview of smart grid cybersecurity standards, and review major threats to smart grid environments at the physical, network and application layers. In order to overcome the current lack of standards for security evaluation of smart grids, we propose a digital twins based approach for the complete lifecycle of a smart grid, which accurately models the functioning of the physical grid and avoids service disruptions caused by running security tests on the actual grid. A digital twins based approach is promising to provide a common ground for the development of standardized models for continuous and comprehensive penetration testing of smart grids.