The attacks you describe have not been demonstrated. A CAN-ID attack requires that you'd get access to the bus from a programmable device that isn't firewalled from the bus, which doesn't exist. Malicious packages are also filtered out. Packet filters are tested exhaustively (which is possible because CAN isn't too complex). There is a router between the busses, but that is tested exhaustively as well before production. (Again, relying on personal information by a VW engineer. I hope he had no reason to make up stuff.)