The NHTSA published an updated draft guide
This draft guide will introduce a new “Cybersecurity Best Practices” guideline for the Safety of Modern Vehicles.
The main reason for this updated guideline is to support industry-led efforts to improve the industry's cybersecurity posture. It is intended to provide NHTSA’s views on how the automotive industry can effectively develop and apply sound, risk-based cybersecurity management processes throughout the lifecycle of the vehicle.
Furthermore, these guidelines are intended to apply to all organizations involved in the development, design, manufacturing, and assembly of a motor vehicle and its electronic systems and software. This includes, but is not limited to, designers, suppliers, manufacturers, and modifiers of small and large series of motor vehicles and motor vehicle equipment.
In the updated version of the guideline, the agency revised all references to the ISO/SAE 21434 standard to accurately reflect the final version of that industry standard. The agency also added a new technical practice for preventing firmware attacks. This involves the use of best practices for communicating critical information over shared and possibly insecure channels. NHTSA also added definitions of “global symmetric key” and “recovery” to the “Terms and Descriptions” section.
The texts of the Regulation can be consulted HERE.