This document discusses cybersecurity and critical infrastructure protection for DocomUSA facilities. It notes that computers are crucial to DocomUSA's refining operations, distribution networks, and other systems. While computer systems run critical infrastructure, many were not designed with security in mind and are vulnerable. The document outlines DocomUSA's efforts to enhance cyber and physical security through critical infrastructure protection activities. It also reviews studies and interviews conducted to develop DocomUSA's cybersecurity protocols to defend against attacks and protect all critical assets.

1. CyberSecurity for Critical Infrastructure Protection of DocomUSA facilitiesCompiled by Terry L. EasleyProprietary and Confidential1

2. Computers are crucial to DocomUSA refining operations , distribution networks, feedstock delivery and credit card verification system. Computers and networks essentially run the critical infrastructures that are vital to DocomUSA.Proprietary and Confidential2

3. Unfortunately, many computer systems and networks were not designed with security in mind. As a result, the core of our critical infrastructure is riddled with vulnerabilities that could enable an attacker to disrupt operations or cause damage to these infrastructures. Proprietary and Confidential3

4. DocomUSA Critical infrastructure protection (CIP) involves activities that enhance the security of our company’s cyber and physical infrastructure. Defending against attacks on our digital and analog information technology. CyberSecurity and Global Satellilte Tracking of critical assets.—is a major concern of DocomUSA.Proprietary and Confidential4

5. DocomUSA Security has reviewed previous studies on cybersecurityand critical infrastructure protection, including those from the National Research Council, the CERT® Coordination Center (CERT/CC), the Institute for Information Infrastructure Protection (I3P), the National Institute of Standards and Technology (NIST), and GAO. We have accessed various data collection instruments to interview representatives of several critical infrastructure sectors, as identified in national strategy documents. We have reviewed transcripts of meetings with officials from the Department of Homeland Security’s (DHS) Information Analysis and Infrastructure Protection (IAIP) directorate to discuss their efforts in organizing and coordinating critical infrastructure protection activities. Proprietary and Confidential5

6. In addition, information was gleaned from meetings held with representatives of the National Science Foundation (NSF), NIST, the National Security Agency (NSA), the Advanced Research and Development Activity, the Infosec Research Council, and DHS’s Science and Technology directorate to discuss current and planned federal CyberSecurity research efforts. Representatives from two Department of Energy national laboratories, Sandia National Laboratories and Lawrence Livermore National Laboratory, and from Software Engineering Institute's CERT/CC were also consulted.Proprietary and Confidential6

7. Interviews were conducted of CyberSecurity researchers from academic institutions (Carnegie Mellon University, Dartmouth College, and the University of California at Berkeley) and corporate research centers (AT&T Research Laboratories, SRI International, and HP Laboratories).The DocomUSA Cyber Security Protocols are based on our analysis of information obtained from these and other sources. DocomUSA Security includes physical protection and cyber protection of all critical assets. 7Proprietary and Confidential7

8. DocomUSA Solution SetsPowered by: Proprietary and Confidential8

9. Supported Communication ArchitecturesPowered by Proprietary and Confidential9

10. What is Machine to Machine (M2M)? communications consist of: using a device(e.g., sensor, meter, etc.)

11. to capture an "event" (e.g., temperature, inventory level, location, environment status, etc.),

12. relayed through a network(e.g., wireless, wired or hybrid)

13. to an application(software program),

14. translating the captured event into meaningful information (e.g., there is a breach, corrosion requires attention, items need to be restocked, an accident has occurred, etc.)