They should assume it will be attacked and design in such a way that recovery from attack is nearly instantaneous while damage from an attack is controlled. Self healing basically is what is needed.

The Internet is only one attack vector. So how can the damage of an attack be controlled? First you need a way to easily and quickly detect an attack. Then you need counter measures for any possible attack scenario.

Manual override for example, or the ability to reconstruct critical software that has been damaged, or the ability to have artificial diversity so every vehicle is slightly different so that one attack method doesn't work on every model.

I don't think Internet connectivity by itself is the problem or the solution. I think whatever flaws a remote attacker can exploit via Internet connectivity can be exploited in other settings provided there is the possibility of input in general. This could be locally or remotely exploited and the same problems would remain, but a lot can be done.

Formal verification of the code to the critical portions of the vehicle.
Artificial diversity so that each vehicle has a slightly different protocol arrangement yet can accomplish the same tasks.
Validation and security on all inputs.
Tamper resistance and detection.
Manual override.
Self healing or recovery where a vehicle can reconstruct it's firmware or securely update it by connecting to other vehicles or to the Internet depending on the set up.

These are just some ideas off the top of my head. Bug free code is difficult to write but not impossible. NASA manages to do it so it would require a similar effort. Artificial diversity has been shown already by DARPA. Self healing networks or disruption tolerant networks are both possible as well.