As more automated vehicles (AV) come to market in the U.S., teleoperation, which may include features such as remote driving and/or remote assistance, can aid the AV with navigating scenarios that are beyond its current capabilities. Teleoperation systems can become increasingly more useful as AVs accrue more miles driven. This is evident through business initiatives, such as driverless robotaxis deployed in urban areas, and with autonomous commercial motor vehicles (CMV) used to transport cargo on highways. The longer AVs are on the road, the potential for them to encounter complex and obscure driving scenarios increases. If an AV encounters one of these scenarios and is unable to safely and properly navigate a situation, a remote human driver can intervene and assist the AV.

Although AVs are learning and evolving rapidly, they cannot yet manage every scenario they may encounter on the roadway such as complex construction zones, obscure roadway and traffic conditions, intricate shipping yards or warehouses, and other potential hazards or events that require safety critical decision-making, planning, and maneuvering. Depending on the type of teleoperation system used, a human operator may be able to provide remote driving or assistance under certain scenarios. In remote driving, the remote human operator is responsible for the dynamic driving task. Remote assistance differs because the automated driving system (ADS) maintains control of the vehicle and is responsible for object and event detection and response (OEDR) while a remote human operator provides decision making and/or path planning to assist the ADS.

The U.S. DOT Volpe Center, in partnership with the Intelligent Transportation Systems Joint Programs Office (ITS JPO) and technical support from FMCSA, performed a cybersecurity analysis of a notional teleoperation system. The notional teleoperation system was developed through research and discussions between government subject matter experts and industry developers within the cybersecurity and automative field. The collaborative effort involved applying the industry standard ISO/SAE 21434:2021–Road Vehicles–Cybersecurity Engineering on a CMV waypoint guidance teleoperation system to produce an assessment comprised of a system definition, threat analysis and risk assessment, and a cybersecurity concept. A waypoint guidance teleoperation system lets the ADS-equipped CMV control the vehicle and is responsible for OEDR while a remote human operator provides waypoints to the ADS-equipped CMV to follow when it encounters a scenario it cannot navigate on its own.

The U.S. DOT Volpe Center team applied cybersecurity expertise, knowledge in advanced vehicle systems, and advanced understanding of both automated driving systems and CMVs to identify potential cybersecurity considerations for teleoperation systems. The team defined the teleoperation system’s functions, preliminary architecture, and boundaries, then analyzed potential realistic attack scenarios to identify potential vulnerabilities that could harm roadway users. The U.S. DOT Volpe Center team also identified principal attack paths spanning physical and remote access vectors to both the teleoperation control center and autonomous CMVs.

The analysis revealed at least six different types of teleoperation control types, variations on control type, driving mode (drive or assist), and potential use cases. Within the notional waypoint guidance teleoperation system, the U.S. DOT Volpe Center team identified more than 90 different scenarios that pose a cybersecurity threat. Drawing from these results, the U.S. DOT Volpe Center team developed a cybersecurity concept that describes high‑level mitigations, yielding 24 potential mitigation measures focused on secure communications, authenticated access controls, hardening of remote‑operator workstations, and resilience strategies for command-and-control channels. Through more collaboration between government experts and industry developers, these 24 potential mitigation measures could be refined and implemented to help safeguard a teleoperation system from cyber threats and maintain vehicle and road user safety. They provided recommendations to ITS JPO that prioritized mitigations aimed at reducing potential attacks and impacts that aligned with operational constraints for commercial trucking.

A final draft report was delivered to ITS JPO in January 2025 that documents the system architecture, threat analysis, risk profiles, and recommended cybersecurity strategies. The report informs potential users of teleoperation systems in CMVs by providing actionable guidance for designing, evaluating, and operating teleoperation systems more securely.

Teleoperations can play a critical role in advancing automated CMV operations, but they introduce unique cybersecurity challenges across control centers, communications networks, and vehicle endpoints. By applying vehicle‑industry standards and leveraging expertise in advanced vehicle systems and communications, the U.S. DOT Volpe Center helps stakeholders anticipate attack vectors, prioritize risk reduction, and integrate cyber‑resilient practices into teleoperation design and deployment—supporting safer, more secure adoption of emerging technologies.

About the U.S. DOT Volpe Center

Since 1970, the U.S. DOT Volpe Center has advanced transportation innovation for the public good, providing multimodal applied research, collaborating with federal, state, and industry partners, and multidisciplinary technical leadership and expertise to solve complex transportation challenges. Learn more at www.volpe.dot.gov.