“They went online and downloaded free software from the black-hat hacker community,” said Dr. Andrew Brown, Jr., vice president and chief technologist for Delphi Automotive, whose company hosted the hackathon at its Troy, Mich., facility. “Actually, most of the auto executives were there to identify new recruits.”

Brown, speaking at the Center for Automotive Research’s breakfast symposium last week on “Connected and Automated Vehicles and the Security Threat,” said that people didn’t want to believe that cars were really that vulnerable to cyberattack. “Unfortunately, this is not going to be a Y2K thing where we all spend a ton of money and time preparing and then nothing happens,” Brown said. “This is real.”

If the potential for vehicle cyberattack wasn’t on the public’s radar before, it is now. A Feb. 8, 2015 report on CBS’s “60 Minutes” showed correspondent Lesley Stahl’s frightened response as Department of Defense cyber-warrior Dan Kaufman hacked into a vehicle she was driving. Kaufman was able to take control of the vehicle’s wipers, horn and even its brakes — at one point, causing Stahl to smash through a row of orange cones where she was trying to stop.

You don’t need a Hollywood moviemaker’s imagination to picture what a cyberattack on a fleet of Internet-connected vehicles could look like.

“The automotive industry needs to get at understanding what our vulnerabilities are,” said Delphi’s Brown. “We must assure the integrity of our products.”

Sounds simple enough — but not when you consider that the average car contains up to 120 engine control units and onboard computers as well as more than 300 million lines of software code. Today’s vehicles already contain enough bandwidth to receive a tremendous amount of potentially malicious data, and with consumers’ love of luxury connectivity features in their cars, that bandwidth is only going to grow larger — as will the security dangers that come along with it.

In fact, as the Internet of Things continues to rapidly evolve — connecting our smartphones, our cars, our home appliances, our electronics, our digital wallet and everything else into one big, happy network — eventually, no one will be free from a potential cyberattack.

“We have to bring connected vehicles to this ecosystem,” said Dr. Anuja Sonalker, lead scientist and program manager for Battelle. “Otherwise, hackers will simply springboard off a car’s hackable systems as a launchpad into other systems where they can do more damage.”

Connected cars are leading us quickly down the path to autonomous vehicles. Considering that Brown says automated cars — where the driver has little or no driving responsibilities — will be upon us within a decade, the concern about vehicle cyberattack must remain at the forefront of the national cybersecurity conversation.

At the Center for Automative Research symposium, Kevin Kerrigan, senior vice president of the automotive office for the Michigan Economic Development Corporation, said Governor Rick Snyder, R-Mich., is driving a defense for cyberwar in cars by building Michigan’s talent pool of cyber-trained experts. “Michigan wants to own this space,” Kerrigan said, referring to cybersecurity in today’s cars as well as the automated vehicles of the near future. “Our highest priority is securing the safety of people using these vehicles and systems.”

Automated vehicle safety will come in the form of built-in intelligent decision making, said Frost & Sullivan’s research manager for automotive and transportation, Praveen Narayanan, who also spoke at the symposium. “There will be an extreme amount of redundancies in vehicle systems, where if this system goes wrong then there are multiple options in other onboard systems to take over,” he explained. “Of course, all of this requires software, which means even more things we must protect.”

And we mustn’t forget, he said, that cyberattack on a car or fleet of cars is only one form of assault. “For right now, forget your car,” Narayanan said. “It’s the back-end systems connected to your vehicle that are the easiest to hit. We need to focus on protecting the back end where data breaches and other kinds of individual privacy is at risk.”

Although Narayanan identifies up to 18 clear attack points in the modern car — think remote keyless entry, onboard infotainment systems and airbags — the more likely target in the near-term is not a bad guy trying to take control of your car, but rather a sophisticated cybercriminal looking to hack the back-end systems and download personal data that can be converted to a much bigger pay-off.

“All cars are hackable, but that’s not the point,” said Sonalker. “Hackers are after much bigger scale, like what happened at Target. People with malicious intent will not waste time and resources on individual cars.”

IBM engineering solutions executive Brett Hillhouse, an expert on the Internet of Things, said the fact that everyone from teenagers to black-hat hackers can gain control of wireless systems in the vehicle shows that there are some very basic security standards being ignored in the software security infrastructure. “These steps are being left out in the collaboration between automakers and their suppliers,” Hillhouse said. “Engineers are not being taught how to write requirements for what happens when a new function and its processor are added to a vehicle. They aren’t taught to think of the unintended consequences.

“We need to build systems that can immediately recognize when another system has been hacked, so that these other systems can go into protection mode,” he said.

And as much as we may not want to admit it, kids like the friendly 14-year-old CyberAuto Challenge hacker may be the key. “We’ve got to start teaching our youth to think offensively about hacking,” said Jennifer Tisdale, defense and homeland security business development manager for the Michigan Economic Development Corporation. “Other countries like China do, but American parents don’t want to encourage that behavior in their children.

“But we need young people trained to think like that so that they can make our white-hat hacker community more robust and useful,” she added. “We need young people to help us determine the vulnerabilities of our systems.”

The experts seem to agree that for now, consumers should not panic about the potential for someone to remotely access control of their cars. However, automakers do have to worry about it — and right away.

“When you consider that a car’s development cycle is around three years, you’ve got to think about what our world will be like four or five years from now when automotive cybersecurity may be our number-one issue,” said Delphi’s Brown. “If we don’t start with the cyber issue now, we will be behind.”

For the time being, Battelle’s Sonalker said if consumers want luxury connectivity in their vehicles, they have a role to play by asking for responsible technologies. “And they need to understand that with this connectivity, we are opening up a lot of doors,” she said.

One thing likely to be on the other side of one of those doors is automated vehicles — and there’s a lot to think about there too.

“My grandmother didn’t drive at the beginning of her adult life, and now, I think my grandkids won’t drive at the end of their adult lives,” said Dr. Michael Grieves, a research professor at the Florida Institute of Technology and a NASA consultant. Although people love to drive and even though there are security risks, Grieves said we have to look at it as an advantage because automated vehicles could eliminate about 90 percent of the car crashes caused by human error each year.

Of course, someone’s got to control the automated vehicle infrastructure, and perhaps it should be government because it’s an issue of national security. “If someone could suddenly induce cars to crash all over the nation, that’s an act of war,” said Grieves. “At that point, you’re talking about millions of lives.”

Admittedly, the threats and vulnerabilities are moving targets, but Grieves would suggest that if we can do well with the security issues and regulations, the benefits outweigh the risks. “But we have to do this in reverse of how personal computers were developed,” Grieves said. “We can’t rush to market first and then worry about the bugs later.”

Whatever the bad guys’ agenda, it’s obvious that tomorrow’s hackers who access cars to infect the Internet of Things could also be interested in “causing cars to behave dangerously or even maliciously,” said Sonalker. “There’s no way that we can prevent what’s going to come, but we had better learn to manage it.”

Carla Kalogeridis is special reports editor for the Washington Examiner