I remember thinking in the 90s "no one would be stupid enough to put safety critical computer systems on a network at all..."
And, here we are.
If someone gave me a blank sheet of paper and asked me to sketch out the system for a car's braking controller, I'd slap down a CPLD or microcontroller, and have it use some locked firmware to read the various sensors and send out the control signals.
Oh, they want networking? I'd isolate, or use the inherent properties of a CPLD/FPGA programmed in combinatorial logic style (you can program a CPLD/FPGA to act like a microcontroller instead, which is vulnerable).
In combinatorial logic style, all the processing is through various gates, and is a Boolean combination of flip-flops and logic gates. So, say they want the ability to read (but not alter) the current state of the vehicle's brakes. A tiny communication processor (a low pin count PIC is one choice) would receive from the vehicle's CAN bus the command to give the vehicle's brake state. The communication processor would toggle high an output pin connected to an input pin on the microcontroller/CPLD that actually controls the brakes. That high pin state would mean that every few control loop cycles, the microcontroller/CPLD would blast out the current state on a serial output pin.
Note that there's no opportunity for a hacker who got into that communication processor to do any worse than toggle a pin on and off. No effect on the steering/braking.
OK, maybe now we want to be able to change the "style" of steering and braking. So now there's a finite set of legal states that are stylistically desirable. That's when you'd isolate with the inherent property of an FPGA/CPLD state machine to not be capable of any other states BUT the states you defined (there's no global memory and no stack, so there's nothing a hacker can do to affect the machine's behavior).
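The isolation pattern described above, modelled in C as an added example (this is not the commenter's code and not a real controller): the comms-side interface is a single status-request pin plus a 2-bit style selector, the style state can only land on one of the enumerated states, and the request pin only decides whether a status byte is emitted, with no path into the brake command. Sensor values, gains and the 4-cycle reporting interval are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* The only legal braking "styles": the closed state set of the state machine. */
typedef enum { STYLE_COMFORT = 0, STYLE_NORMAL = 1, STYLE_SPORT = 2, STYLE_COUNT = 3 } brake_style_t;

/* Everything the isolated brake controller can observe (pin levels and sensors). */
typedef struct {
    uint8_t pedal_pct;      /* sensor: pedal position 0..100 (constructed) */
    uint8_t wheel_lock;     /* sensor: 1 if wheel-speed input reports lock-up */
    bool    status_request; /* input pin driven high by the comms processor */
    uint8_t style_sel;      /* raw 2-bit style selector from the comms processor */
} brake_inputs_t;

typedef struct {
    brake_style_t style;    /* current state, always one of brake_style_t */
    uint8_t       brake_cmd;/* actuator drive 0..100 */
    uint8_t       cycle;    /* control-loop cycle counter */
} brake_ctrl_t;

/* One gain per legal state; there is no entry for anything else. */
static const uint8_t style_gain[STYLE_COUNT] = { 70, 100, 120 };

/* One control-loop cycle. Returns true when a status byte was written to
   *serial_out, which stands in for the serial output pin. */
bool brake_ctrl_tick(brake_ctrl_t *c, const brake_inputs_t *in, uint8_t *serial_out)
{
    /* An undefined bit pattern on the selector cannot create a new state;
       the machine simply stays where it is. */
    if (in->style_sel < STYLE_COUNT)
        c->style = (brake_style_t)in->style_sel;

    /* Brake force is a function of sensors and the current state only. */
    uint32_t cmd = (uint32_t)in->pedal_pct * style_gain[c->style] / 100u;
    if (in->wheel_lock)
        cmd /= 2u;                          /* crude lock-up relief (illustrative) */
    c->brake_cmd = cmd > 100u ? 100u : (uint8_t)cmd;

    /* The request pin only gates reporting: every 4th cycle while it is high,
       the current command is blasted out. It never feeds back into brake_cmd. */
    c->cycle++;
    if (in->status_request && (c->cycle % 4u) == 0u) {
        *serial_out = c->brake_cmd;
        return true;
    }
    return false;
}
```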