You might have heard reports that an asteroid about 1.2 miles wide is headed for planet earth with a projected impact date of February 1, 2019. If the asteroid were to hit our planet, we would cease to worry about corporate malfeasance, al Qaeda, or computer viruses.

The thought of suffering the same fate more or less as the dinosaurs did 65 million years ago is obviously troubling and cause for self-reflection, but we likely have a reprieve from extinction. The asteroid experts are confident that their current calculations will prove to be errant. The latest threat analysis by asteroid watchers puts the odds at one in 200,000 that the space rock will collide with earth.

I get the same sense of trepidation when considering the specter of cyberterrorism. Experts are predicting dire consequences if the public and private sectors don't get their security act together. Trade associations, government agencies, and others are scrambling to come up with preventive guidelines, public policy, and technology that stay one or two steps ahead of the bad guys. Government and the private industry are under pressure to share more information about vulnerabilities, but companies have been less than forthcoming in sharing their dirty laundry.

Unfortunately, securing the U.S. network infrastructure may be more problematic than diverting a space object that unambiguously obeys the laws of physics. Asteroid 2002 NT7 is one nasty, big rock but, as some scientists have speculated, planting a rocket engine or solar sail on the surface could divert the asteroid if it doesn't alter its course by some other means during the next 17 years. (Don't ask me how. I presume they have seen the movie Armageddon).

The burgeoning network, on the other hand, consists of billions of nodes and is growing at a rapid rate. It encompasses home users, businesses of every size, universities as well as federal, state and local governments. By the end of the decade, everything from servers and phones to refrigerators and cars could be IP-enabled. That exponential growth of IP-networks and devices over the next few years will make the global infrastructure more vulnerable to cyber attacks.

Lately, I have been inundated with reports about the high probability of attacks in the coming months or years that could wipe out petabytes of vital data or completely disrupt critical infrastructure services such as the transportation system or power grid.

In a Congressional briefing last week, Rep. Lamar Smith (R-Texas) predicted a 50 percent chance that an al Qaeda terrorist attack would include a cyber attack, causing billions of dollars in damage and loss of life.

These warnings are not overstated. The potential of cyberterrorism to cause catastrophic disruption and destruction is increasing. In the last year, the number of cyber attacks has grown at a frightening pace, and most go unreported. While the warnings are getting louder and more urgent, most companies are unprepared to deal with such an attack.

According to a recent survey by the Business Software Alliance, 47 percent of corporate network administrators believe that U.S. businesses will be attacked in the next year and 45 percent believe their company is unprepared.

Gap between awareness and action
It's clear that terrorists and other organizations intent on wreaking havoc cannot be eliminated, and that the gap between awareness and action needs to be filled. If you haven't appointed someone as the chief of security or created a team to address the issues systematically, you are behind the curve and playing with fire.

A number of organizations are beginning to publish guidelines that can help you develop preventive procedures and policies, as well as contingency plans in the event of an attack. Last week, for example, The Internet Security Alliance published its "Common Sense Guide for Senior Managers: Top Ten Recommended Information Security Practices." The guide identifies 10 basic security practices and provides executives with the key questions they should be asking the technical staff about risk management.

Similarly, the National Association of State Chief Information Officers (NASCIO), an association representing chief information officers of the U.S. states, published a report entitled "Public-Sector Information Security: A Call to Action for Public-Sector CIOs." This report also contains 10 recommendations, and addresses the specific management and technology issues relative to public sector IT security.

The National Institute of Standard and Technology (NIST) has also issued publications on managing wireless security and on security awareness and training guidance.

The Critical Infrastructure Protection Board, appointed by President Bush last year, is expected to publish its security recommendations on Sept. 19. The CIPB report, which focuses on major infrastructure such as transportation, healthcare, telecom, energy and water, will include guidelines for vulnerability assessment, intrusion detection, auditing, and other methodologies.

Technology continues to become more pervasive in our daily lives and within the fundamental building blocks that support modern commerce and life support systems. Similar to the work preceding the Y2K millennium bug, progress will be made in fits and starts. But now is the time for assessment and action, not just awareness. A worst-case scenario might not be that much different than a piece of Asteroid 2002 NT7 slamming into the continental U.S.

What do you think? Are the cyberterror warnings overstated? How is your organization addressing these issues? Leave a message in our TalkBack forum or write me at dan.farber@cnet.com.