By TOM LoBIANCO and STEVE PEOPLES
WASHINGTON (AP) — Encrypted messages. Two-factor authentication. Real-time monitoring of social media for malicious internet bot activity. This is the new reality for candidates running in 2018, scared of email hacks and elaborate misinformation schemes like the ones Russia used to disrupt the 2016 campaign.
And many candidates say they're concerned they can't rely on Congress or the White House for advice, or protection.
"Since many in Washington continue to bury their head in the sand over the dangers our Democracy faces, our campaign has taken deliberate steps to guard against cyberattacks by mandating extensive security measures," said Gareth Rhodes, a Democrat running for an upstate New York House seat. He said he's put his campaign staff through training on how to identify phishing and hacking attempts.
The horror of 2016's hacked emails is still fresh for most operatives. Democratic lawmakers saw their cellphone numbers splashed online. Democratic National Committee chairwoman Debbie Wasserman Schultz resigned before the convention. The hacks even prompted a North Carolina man to storm a Washington pizzeria with an assault rifle, based on an internet conspiracy theory that started with Clinton campaign chairman John Podesta's emails.
Since then, the Democratic Senatorial Campaign Committee has been hosting cybersecurity briefings for its candidates and staff, pushing campaigns to use encrypted messaging and two-factor authentication. The National Republican Congressional Committee, or NRCC, has hired multiple cybersecurity staffers to work with its candidates and promises to do more.
"We're starting to advise campaigns, but we're not ready to roll the whole thing out. We're working on it," NRCC Chairman Steve Stivers said this week. "We're working on the technology-based stuff to try and make sure that we know what's out there — which is hard, too — and then we try to defend against it the best we can."
Leaders with the Democratic Congressional Campaign Committee and the NRCC negotiated last year on a coordinated defense against hacks and cyberattacks, but the talks crumbled last summer amid accusations from both sides of grandstanding on the issues, according to Democratic and Republican officials familiar with the effort. The officials spoke on condition of anonymity to discuss private negotiations.
Jason Rosenbaum, the former head of digital advertising for Hillary Clinton's presidential campaign, likened the average congressional campaign to how Rocky Balboa of the '80s blockbuster movie "Rocky IV" was doing a bare-bones training regime in an isolated cabin in the frozen tundra and clearly was outgunned by Russian prizefighter Ivan Drago.
"Drago had unlimited state resources, and House campaigns are like Rocky, pushing tree logs in the snow," said Rosenbaum, who also worked previously in Google's elections and issues department.
Special counsel Robert Mueller only heightened these concerns when he revealed an intricate misinformation campaign run out of Russia, which used fake identities, set up rallies in America and rushed protesters into the streets on both sides of the divide.
The deeper problem, say cybersecurity experts advising campaigns, is that while hacks and phishing attempts can be blocked, misinformation is more amorphous and harder to curtail.
Supporters of Virginia Democratic Gov. Ralph Northam may offer the best example of what can, and cannot, be done.
In the homestretch of the Virginia governor's race last year, a Democratic group aired an explosive ad showing a white man in a pickup truck with a waving Confederate flag chasing four black, Hispanic and Muslim kids through a leafy suburban neighborhood.