Cooperative Adaptive Cruise Control (CACC), a promising Vehicular Ad-hoc Network (VANET) application, automates transportation and improves efficiency. Vehicles form a platoon, following a leader, with their controllers automatically adjusting velocity, based on messages by other vehicles, to keep appropriate distances for safety. Towards deploying secure CACC, several proposals in academia and standardization leave significant questions unanswered. Thwarting adversaries is hard: cryptographic protection ensures access control (authentication and authorization) but falsified kinematic information by faulty insiders (platoon members with credentials, even the platoon leader) can cause platoon instability or vehicle crashes. Filtering out such adversarial data is challenging (computational cost and high false positive rates) but, most important, state-of-the-art misbehavior detection algorithms completely fail during platoon maneuvering. In this paper, we systematically investigate how and to what extent controllers for existing platooning applications are vulnerable, mounting a gamut of attacks, ranging from falsification attacks to jamming and collusion;  including two novel attacks during maneuvering. We show how the existing middle-join and leave processes are vulnerable to falsification or 'privilege escalation' attacks. We mitigate such vulnerabilities and enable vehicles joining and exiting from any position (middle-join and middle-exit). We propose a misbehavior detection system that achieves an F₁ score of ≈87 on identifying attacks throughout the lifetime of the platoon formation, including maneuvers. Our cyberphysical simulation framework can be extended to assess any other driving automation functionality in the presence of attackers.