"A bit of malicious code can be just as effective as a few tons of TNT."
Think Cylons. Or, if you really want to go old school, think Heinlein's The Moon is a Harsh Mistress. I hope that the DOD is addressing the potential for AI spoofing. Also hoping it won't take a WW2 or two to do so.
It's been apparent to me, after holding a TS clearance for more than 52 years with SCI access for half that, that beyond the IT focus that you are speaking to, we have gotten away from the foundational concept of:
"NEED TO KNOW"
Maybe it was the post 9-11 drive to "tear down walls that prevented info sharing" or the whole "Jointness Uber Alles" mindset, but too many people collect too many tickets and badges for programs they have no earthly reason to need other than ego.
Bradley Manning, a PFC in A-stan, had no reason to have access to classified Dept of State cables regarding eavesdropping on the German PM, for example. Why did some ANG E3 need SCI info on Ukrainian 155mm stocks? Is a 155mm hung on an F-35 now?
The whole mindset needs to be inverted.
Walker was a Chief Warrant Officer. His betrayal was a gut punch and the SOB was allowed to negotiate a less harsh punishment for his son by bargaining a better deal for him in exchange for cooperation. To his dying day, that arrogant POS was proud that he had been a damn good spy. In the aftermath of Walker, as I recall, every Navy man involved in CMS was relieved to never work in it again. CMS was the worst collateral duty. Thank the Lord I was never called to serve other than as an escort to the Chief Radioman on deployment when he had to go ashore to pick up CMS material. When new systems replaced the compromised crypto hardware, we were told to destroy the KWR-37's with a sledgehammer at sea and toss them over the side. We beat them as if they were Walker himself.
While on staff duty at CincPacFlt I got granted a TS/SCI and access to the "Blue Room". Was amazed at what I was able to read. Had been granted huge access and read voraciously. But in my heart and mind, I knew for certain that I had no need to know most of what I read. I think they had some computer back in 1982 that sorted message traffic for things it thought were in my purview as a minor assistant to an O-6 NFO EWO in the Readiness section. I'll admit that most of what I read was out of curiosity, and had it been denied to me would not have affected my job one whit.
Final thought. Hillary Clinton was granted a very high level clearance that ended up way beyond her ability or willingness to deal with it. Maybe the Rx for this is more care in NEED TO KNOW, not being so trusting, and the firing squad. (While suffering as an LDO LTjg DIVO for CTM"A" School, the GURL LT DIVO for EW"A" School fell on her sword twice. Secret burn bags had been discovered in the Dempster Dumpster 2 times. My LDO LCDR boss lateraled me over to EW"A" School (my dream job) with the command, "Un-eff that security situation and use an effing ax if you need to." Within a few days my 5"x7" black & white photo had a pink penis drawn on it. I asked my LDO boss to come and take a look at it. He grinned, slapped me on the back and told me to carry on. There were no more security violations. That picture? I have it still.)
My tours as a SIGINT guy were before yours. KL-7 (almost Enigma technology) and KW-7 (it preceded the KW-26 and the KW-37). In an operational setting, burn bags always were under TPC till destruction. Later as an officer and much later as a contractor, I had the dubious pleasure of being, in various locations, a TS custodian, COMSEC custodian, and NRAS custodian; all of them were 'zero-defects' jobs and not much fun being on call 24/7 to crack cards and verify messages.
Firing Squad: Pour encourager les autres
I liked the Company K Marines at NTTC Corry Station. Two of them, a Gunny and a Staff Sergeant, taught in my CTT ELINT course. When the EWCS transferred without a relief, I grabbed the most senior E-7 in that 400+ man division to run EW"A" School. It was the Gunny. 5' 4", great guy. Oh my, the tears those sailors shed. Gunny D____ was like a "fire and forget" weapon. The CO of Company K, a Captain and former Enlisted Marine, became my new best friend because of the new-found bragging rights he got by the Gunny's appointment.
(My first ELINT mission was Cuba in 1966. RDSN (RD-0334), operating the AN/BLR-1, cutting edge 1950's vacuum tube technology. I retired that BLR-1 Operator school in 1989 while at Corry Station.)
When I was at the 8th RRFS Phu Bai in 70-71, we had a Marine Company as part of the Station along with a mixed SIGINT Avn Company. The Marines were doing mostly voice intercepts, but had a very interesting target set.
70-71, was an RD1 shelling the coast in I Corps with 5" and 6" rounds. Tens of thousands of trees, 1 VC with a rifle strapped to his back on a bicycle, 1 water buffalo, 1 tragically bad spot that killed 2 innocent children. Intercepted a Russian-made Counter Battery radar in the DMZ. Biggest thrill of my EW life. Worked with a Marine Major on some experimental NGFS using our 76mm Oto Melara. (total bust). Did some minor work with 1st Radio BN in Hawaii. Called out an armed MarDet on a Carrier when I was a temporary Master-at-Arms for "Gunshots in Supply Berthing". It was very comforting. They had M-14's and 1911's and we had only our charm. (Gah! The mid-70s sucked on a CVA.) If I could name only one emotion when I meet a Marine, it would be envy.
My first assignment as an Ensign was as the relief to CWO Walker. I can tell you that his periodic CMS inspections showed ZERO mistakes, errors, or omissions of required protocols. But I also know, in my mind, how he carried out his selling of crypto codes to the Soviets. After his departure (long before he was discovered), I was talking with one of the junior Radiomen one day. He told me that he thought Walker was a really great guy because on inport night time watches from time to time (one RM on duty) Walker would occasionally relieve the RM “so the RM could get a bit more rest”. What sailor gets enough rest, even inport, right? This gave Walker a great opportunity to copy any of the coding material he wanted. Nothing missing. Nothing apparently out of order. Because he was trusted. Three of my duty stations later, Walker was uncovered. Yes, I called NIS and told them this possible version of the story. Walker violated the most basic of trusts. He sold out U.S. service personnel and got people killed. We know that. I was willing to hang him myself, with no remorse.
Walker spied for 18 years. During that time, because of the crypto key lists he sold, the Soviets were able to read most of our message traffic. The damage he did was immense. Walker died of throat cancer at age 77. Too peacefully IMO. You'd have had plenty of help in the hanging, Commander Gideon.
Since his first treason happened aboard MY ship, and he and I went on liberty together, his actions felt very, very personal. But I appreciate your position as well.
CWO Walker was a former CPO...and you were an Ensign. *shiver* Part of his job was to be a help-mate to new Ensigns. No doubt, when Walker's evil was revealed, it was very, very personal to you. I look at a picture of Walker and think of what Hannah Arendt said in 1961 at Adolf Eichmann's trial in Jerusalem, "It was as though in those last minutes he was summing up the lesson that this long course in human wickedness had taught us – the lesson of the fearsome, word-and-thought-defying banality of evil."
This. What you don't know, you can't spill...and can't be accused of spilling. At least not successfully.
Reinforces CDR Salamander Rx:
You need to stop your good stuff from leaking out, and their bad stuff sneaking in.
A lot of the recent leaks have been by system administrators. They have to have access to a bunch of stuff they really shouldn't, so they can help people get back in the system who do need the info inside. Ryan McBeth had a good video on it.
We need to implement "Two person controls" on a number of areas, one of which is obviously the password master file. The insider threat SA will still be able to talk some number of users out of their passwords though.
Better active audit log tracking might be a good job for AI.
Separating SA and DBA/Apps roles helps
Above Rx already embedded into ISACA-COBIT Standards (Excluded from DoD Procurement Practices)
Also see profile of CJCS (4-Star) Cyber Commander
https://en.wikipedia.org/wiki/Paul_M._Nakasone?wprov=sfti1
These should become Cyber Command “Rules of the Road” for USG Systems life-cycle IT Governance
https://en.wikipedia.org/wiki/COBIT?wprov=sfti1
Following evolved from prior COBIT lessons learned (2008-2015)
https://en.wikipedia.org/wiki/ISO/IEC_38500?wprov=sfti1
Exactly. DoD is doubling down on limiting access to those who 'use' a system or information while doing nothing about the problem - the system administrators. We've had some gems too. One of the current crop is a nightmare; he can't figure out how to lock a safe. Manure will be hitting the fan in the future.
Fully agree on need to know. In my brief foray into the intelligence community, I had access to all kinds of goodies. I think the JWICS message was called 'daily collection summary' or something like that. It was not my business to know which phones were being intercepted, but that sure was interesting. A bit more in my lane to know what ballistic missile test launches we collected on. I had access to much more than I needed.
That's what got me, too, about this ANG E-3. We didn't learn from the last time we gave a non-rate/non-qual, who's been in the org for 5 minutes, open-ended access with ZERO need to know and it blew up in our faces?
Agree w/ CDR Salamander Rx:
You need to stop your good stuff from leaking out, and their bad stuff sneaking in.
I tend to dig in, sorry.
If it takes one world war to get security working that seems way too long but it might be okay. If it takes two world wars, it won't matter. There won't be anything left to protect.
Pick one "agency" and do a proof of concept, learn from that. I know nothing about how data is organized and secured in the siprnet - how long would it take to do zero-trust at one agency? At which agency do you start? Does it require hardware - special laptops with no USB ports and keycard readers? If yes, can they go with COTS or does everyone have to have their own acronym? Maybe it would be best to have air gaps between agencies - that would keep that PFC from looking at DOS cables.
About "need to know", "who decides?" If the originator decides, maybe they don't know enough to make a good decision - they include too few people. That is the classic case - if you don't tell anyone, then you get no value from the information. If you tell too many people, the target hears about it and changes stuff so the information half-life drops to nothing and maybe your source ends up in cement overshoes. Seems to me that we pretend to have compartmentalization but the compartments include way too many people - the "information sharing" problem.
How about a central authority? Kim Philby was one step from running the British Secret Intelligence Service and a long term spy for Russia.
IT sysadmins do NOT need to have the credentials to decrypt information stored on their servers.
Need to know is the basic reason for access.
9/11 has increased the need for moving info out of compartments, but maybe we should return to those prior tenets.
Like the sign at Intel School in San Diego said, "Intelligence, the world's second oldest profession, with morals and standards just slightly better than the first".
Zero trust also applies to those who provide us information, either via approved 'leaks' or news reports. It applies to talking heads and pundits reporting on the war in Ukraine.
Trust is earned the long way. Unless I know a source well, I'm going to go ahead and assume
Everything is an op.
Everything is an op.
Now there is wisdom deserving of being carved into stone.
I have a list of 51 people whose security clearance needs to be revoked immediately.
My list is somewhat larger.
Including most all of the US legislative and executive branches of government, and all DoD personnel O-4 and over, or E-5 and higher (or civilian equivalent).
Because they clearly HAVE NOT BEEN DOING THEIR JOB
Once worked for an Army MG who truly was worth his salt…he told our team once that “trust is hard to earn, but can be violated in an instant”…
In other news, McGrath is going to be on the Congressional committee on the future of the Navy! Congrats and thank goodness! https://breakingdefense.com/2023/05/congress-lags-in-setting-up-its-own-future-navy-panel/
Compartmentation. We keep trying to push the One Big System that does everything. Which is vulnerable. Compartment things. Put them on separate systems.
We've also got a distributed population that includes people who need to access controlled information from home. There are strides being made, but the DoD information systems edifice is so big, and has so many access points, security can be almost impossible.
Otherwise, yes, get back to compartmentalization. If we can start there, the damage from leaks can be reduced.
Brilliant. And imperative. And RWR said, "Trust, but verify."
Secrets.
Creating them, protecting them, stealing them, copying your enemy's secret weapons.
All of those things take money.
For most of the Cold War, the Soviets and the West were neck and neck in the secrets race.
Reagan changed that when he unleashed scientists, engineers and designers to create secrets faster than they could be stolen. The Soviets spent themselves into bankruptcy trying to pay for stealing and copying our secrets.
Now it seems we are giving them away for free on internet chat forums.
Note: Not related but it's May 10th, so a fullbore story from that day in the air over Okinawa 1945. LTC Klingman passed away back in 2004. https://www.marines.mil/News/News-Display/Article/584583/story-of-bob-drummer-pilot-legend/
How do you not trust anything, and require verification of everything, yet not paranoia yourself into paralysis? In a bureaucracy, against a mindset of needing written instructions to do anything at all, high on CYA and never taking initiative, zero trust sounds all-too-ready to be everyman's excuse to do nothing.
If software "engineering" was as rigorously taught, controlled and credentialed as other engineering fields, as it should and inevitably will be, these severe problems would be significantly less.
For example, we don't expect live vehicle traffic to be used to test structural integrity and safety of bridges. But that's largely exactly what we're doing with software.
Change is coming but let me tell you, DoD and govts in general are not keeping up or educated widely enough.
If carpenters built buildings like programmers wrote software, the first woodpecker to come along would destroy civilization.
Anybody that understands the true state of DOD networks knows how fantasy land zero trust is. DOD classified nets are balkanized into millions of local networks completely isolated from each other. It takes an act of god to even connect two disparate classified networks, let alone control them all from one zero trust system. People think SIPRnet is "THE" classified DOD network, they are legion and none of them talk to each other.
I retired nearly 40 years ago. Before desktop/laptops, mobile phones, internet, social media, & detachable storage. Back then information transfer had to be done by couriers and dead-drops and face-to-face.
These days, the idea that a breach can be contained is hubris; it will be to its users before it’s discovered.
Security will have to start at the front end and limiting access is the most basic defense.
I look at that flow chart and it seems already too complex with too many inputs.
Even back in the day, the Pentagon / Syscom product was the process. No change today it seems... Death by PowerPoint.
Truth: Still NO new lessons learned from prior After-Action Reports (AAR).
Dx: Institutional failure to adapt OODA Loop feedback into new systems design efforts.
See diagram embedded here:
https://en.wikipedia.org/wiki/David_C._Richardson_(admiral)?wprov=sfti1