"The harmonization effort has the potential to reduce duplication of effort and allow more effective implementation of information security controls across interconnected systems," says GAO's Gregory Wilshusen.
"We're asking those providers to meet our requirements, not the other way around," Michigan CIO Kenneth Theis says, referring to a cloud-computing framework that, in part, defines the security features the state demands its vendors to furnish.
"We raised the profile of the issue," says Jim Lewis, director and senior fellow at the Center for Strategic and International Studies. "Now, nobody won't say cybersecurity isn't a problem, and that's a positive thing."
"What we are trying to do in Michigan is to set the framework, which means that these cloud solution providers meet our requirements, not the other way around," says Ken Theis, director of the state Department of Technology, Management and Budget.
Despite efforts to tighten security to prevent such digital invasions, the military understands such breaches could still occur, which led Lynn to say the military must develop and train its cyber defenders to act in a degraded information environment.