This paper investigates methods to secure Remote Terminal Units (RTUs) which are the building blocks of a smart grid systems - the next generation version to replace the power grid systems that are being used today. RTUs are identified as the heart of automation and control (SCADA) systems by the systems engineers. As such, security and maintaining nominal operability of such devices has prime importance, especially for the industrial automation networks such as the smart grid. A way of measuring the security of systems and networks is executing a series of cybersecurity weakness assessment tests called penetration testing. Another way of such an assessment is called vulnerability analysis by threat modelling which involves careful investigation and modelling of each and every component of a network/system under investigation. This article, aims at marrying these two methodologies for the vulnerability assessment of the RTUs in a methodological and scientific way.