The issue I see is that an attacker only needs to crack into one device that is connected to both the "public" and the critical networks. When he gets that far, he can spoof messages on the critical network and all bets are off.
This isn't "only". To start with, you can't just start sending frames on most modern Aircraft buses, there are a lot of integrity checks, and every path needs to be programmed.
But lets assume for a moment (highly unlikely), that someone succeeds. Every action will most likely set of an alarm or alert in the cockpit. Lets assume someone manages to manipulate the autopilot. Pilots will simply switch off the autopilot, all it takes is one click. There are "manual" back-up instruments in the cockpit. Problem solved.