A start, but...
No, lets start with $500k for failing such a penetration test, and go upwards from there. Only if profits are seriously threatened will those morons who decide to make everything software-controlled (by the cheapest code monkeys they can find) start to get the message.
And yes, I have designed control systems and even written code for an engine management computer project in the distant past. So I'm no Luddite, but someone with a heightened sense of how critical such systems are and how piss-poor most designs end up.
Rule #1 no external connection unless ABSOLUTELY necessary. There is no necessity for brakes, steering and throttle control to be externally accessed.
Rule #2 have hardware & software with no single point of failure.
Rule #3 software is never 100% trustworthy, so have hardware limits, watchdogs and cut-outs that can override ANY software command.
Rule #4 big red switch for power. That stops EVERYTHING if needed.
<edited to add>
Rule #5 don't trust something that has not been independently audited. Not even your own code.