Even cheap cars have a dedicated powertrain/brake/ABS CAN bus. Separate buses are then interconnected via a gateway.

New cars do, but that has not always been the case. The rapid shift to hard bus separation happened after this incident:

https://www.eetimes.com/hacked-jeep-whom-to-blame/

My car (2014) has seven or so different CAN busses, with a gateway in between. Whether that constitutes a different "network" or not can be argued, but at least something that brings the entertainment CAN bus down, be it just by e.g. shorting it, won't (easily) bring down the other busses.

>... CAN is one of the least secure BUS's imaginable.

Can you elaborate on this?

No security or authentication. IIRC, any attached device has full control over the physical layer by design. I don't really see why this is a problem in a car with isolated buses for safety-critical components.

Yeah... that's like saying a car has a security risk because someone can go in the wheel well and slash the brake lines...

Yeah, that is a security risk

We choose to ignore it because it's rarely exploited, but by that logic, we should just ignore all zero-days.

Many newer vehicles contain systems, OEM and/or after-market, that are permanently connected to the internet via cellular modem. Other systems with insecure RF tech used for various gimmicks. Other systems that communicate with external and potentially malicious devices like chargers. Etc. Most of these systems have enough access to (in)directly destroy or booby trap the car. My car is able to receive ECU(!), firmware, software updates OTA from the manufacturer. These critical systems are just as "closed" or "isolated" as cloud-enabled "CCTV." Scary stuff.