
Regulations generally arise retroactively, as a response to demonstrated bad behavior or information learned in accident investigations.


I get that. But how much forward thinking does it take? Back in the 80's or early 90's when "Drive by wire" was the buzzword and old timers were saying they'd never drive a car that didn't have physical linkages, how much forward thinking would it have taken for regulators to say controls system circuitry needs to be completely isolated from other systems in the car? Something like this would still apply today and maybe we wouldn't be seeing these issues.


> how much forward thinking would it have taken

A lot. You can start by looking up if any of these old timers raised anything remotely similar to that concern. Remember how insanely unprotected the Internet was in the beginning? How SMTP basically still is? That was built by some of the smartest people in the world, and they didn't have the foresight to predict that there might be adversaries, and thus build (in retrospect, quite simple) protections in.

Also, those old timers were wrong about drive by wire, there is zero evidence that it's any less safe than physical linkages.

One of the reasons it would have been extremely difficult to predict, is that the phenomenon of consumer devices having a general purpose computer (and that this might be connected to the rest of the car), much less one networked in any sense, as its interface is pretty new.

[edit: added analogy to the internet]


>a lot.

I guarantee you that engineers warned PMs about this kind of thing from the start.

>Also, those old timers were wrong about drive by wire, there is zero evidence that it's any less safe than physical linkages.

Let's distinguish drive-by-wire from FADEC (or what amounts to a poor version of FADEC). An electronic throttle is fine. An electronic throttle that cannot be overridden by a casual user is not. It's the implementation that's problematic.


And still, we are switching the Eurofighter from a CANBUS with separate microcontrollers to a single central microprocessor design.


> controls system circuitry needs to be completely isolated from other systems in the car

What would they define 'other systems' as? Back then carphones were pretty new, and the height of technology, and a car 'computer' was a trip mileage counter and mpg calculator. Any definition would either be rooted in the technology of the time, and therefore not handle new breakthroughs and inventions, or be so vague as to be unenforceable, I suspect. They would have to be pretty far forward thinking to have envisaged high bandwidth Internet connections or wireless data links, as inputs to the car systems, let alone the amount of compute power that is now routine in vehicles.

The sorts of things that are going to enforce safety here are going to be produced by the car industry engineering standards bodies eventually, but it will take time. Many of the concepts, like CAN-bus firewalls, data diodes and filters are already present in high-assurance avionics networks and (post STUXNET) in process control systems. Note that it took STUXNET for people to realise that vulnerability, now the industry is working on solutions, but so far no power stations or chemical plants have exploded. We are in the same place with vehicle security now.



