The U.S. government is due for a "major" cyberattack within the next 12 months and is unprepared to counter the threat, according to a poll of IT managers by the Business Software Alliance (BSA).

This time, it isn't the relatively uninformed opinion of the general public concerned over the security of government information, as a December 2001 poll revealed, but IT professionals in the business world -- the individuals who protect sensitive information on a daily basis.

The poll was conducted after Congress issued a failing grade to federal computer security efforts in November 2001. Results were released Tuesday.

The "BSA Cyber Security Survey" found that more than half of those polled think a major attack is likely within the next year. The survey polled corporate IT managers around the country for their views on the readiness of government networks. The results show businesses have little faith in U.S. preparedness.

According to Robert Holleyman, BSA president and chief executive officer, the threat has, if anything, grown since the events of 9/11. He called on President Bush and his administration to seek help from the business world to secure government intranets and Internet sites.

"It is critical that the Bush Administration and Congress move quickly on their commitments both financial and philosophical to secure this nation and its critical infrastructure," he said. "And as an industry that is developing the systems necessary to secure our country's complex information networks from terrorists and other attackers, we stand ready to help them follow through on those commitments to secure the resources and develop policies that promote a safe and legal online world."

Ipsos Public Affairs, a Parisian subsidiary of Ipsos Research, conducted the survey of 395 IT professionals earlier this month, in a variety of business sectors. The results show, among other things, that 85% of respondents think the government should devote as much or more time than they did on the Y2K "crisis," where fears ultimately were proved unwarranted.

Other results show:

  • By a margin of 10 to one, IT managers are more likely to say government security measures are "not at all" adequate than extremely adequate.
  • 72% of respondents felt there was a gap between the government's preparedness and the threat of cyberattack.
  • 96% feel the government should deploy some form of encryption to sensitive data so information is protected even in the event of a break-in.

U.S. networks have been the recipients of a number of highly publicized network breaches this year. A couple of teenage hackers calling themselves the "DeceptiveDuo" made it their mission to break into military Web servers and publish the information contained within the databases.

Before getting apprehended by the Federal Bureau of Investigations after only several weeks on the job, PimpShiz and The Rev had hacked into more than a dozen military, government and financial Web servers. In the case of the U.S. Navy, the pair broke into a supposedly secure server, published the contents of a database, helped military IT staff repair the breach, and then broke into another Navy server two weeks later.