The House’s new fiscal 2026 defense bill directs the Pentagon to develop options to impose costs on state-backed hackers who target defense-critical infrastructure in cyberspace.
Section 1543 of the chamber’s amendment orders the Under Secretary of Defense for Policy and the Chairman of the Joint Chiefs of Staff, highlighted by Jason Lowery, in consultation with other federal entities, to study how military capabilities can raise adversary costs and reduce incentives to attack, with a briefing and report due by Dec. 1, 2026.
According to the House Armed Services Committee text, the study must evaluate offensive cyber operations on their own and in combination with non-cyber measures. It must develop methodologies for selectively revealing or concealing capabilities.
The mandate is precise in scope and outcomes.
The Pentagon is tasked with assessing adversary capabilities and intent, identifying targets where cost imposition would have leverage, prioritizing objectives, inventorying relevant Defense Department capabilities and investments, and integrating with other agencies, allies, industry, and academia.
The study must also review legal and policy authorities for tailored response options, including actions against pre-positioning in critical networks. The amendment defines imposing costs as actions that deliver economic, diplomatic, informational, or military consequences sufficient to change the adversary’s behavior.
Pentagon secretly exploring Bitcoin’s military power?
While the directive is not about Bitcoin, it formalizes a cost-imposition framework that aligns with Jason Lowery’s SoftWar thesis, which frames proof-of-work as a power-projection system in cyberspace.
Further, the document goes out of its way to avoid explicitly naming Bitcoin, opting instead for broader language about “proof-of-work” and cost imposition in cyberspace.
That omission may be deliberate: keeping terminology vague would limit what outsiders can infer about capabilities, targets, or operational intent.
The caution also tracks with Lowery’s own history; he has previously deleted posts and walked back public framing, and SoftWar itself was placed under an official security review last October, underscoring that parts of this discourse have already been treated as sensitive.
In prior reporting, SoftWar has been presented as a national security doctrine, not just a crypto narrative, with the core claim that proof-of-work can price abuse and make certain classes of cyberattacks uneconomical at scale.
A Department of War (formerly Defense) security and policy review of the thesis placed the concept into the live policy debate, and subsequent coverage of a proposed U.S. Bitcoin national defense policy described a Mutually Assured Destruction approach that uses credible, energy-backed costs as a deterrent.
Michael Saylor’s public alignment characterized Bitcoin as a digital defense system, an internet-scale cost-imposition layer, reinforcing the doctrinal framing.
The immediate context for Section 1543 is an advisory campaign on Chinese state-sponsored activity that highlights the long-term persistence of virtualization control-plane activity.
Cybersecurity agencies link BRICKSTORM backdoor to long-running VMware compromise
According to Reuters, U.S. and Canadian agencies warned that PRC-linked operators used a custom Go-based BRICKSTORM backdoor against VMware vSphere, vCenter, and ESXi to establish durable access for lateral movement and potential sabotage, including a case where access spanned from April 2024–September 2025.
Department of War malware analysis and CISA’s report indicate that the tradecraft is consistent with pre-positioning that could be activated for disruption. Section 1543 aims to design ways to impose costs on that behavior, including options that combine offensive cyber operations with non-cyber tools.
SoftWar’s lens turns the statutory language into system design choices.
If the goal is to raise attacker operating expenses, then right-sized, adaptive proof-of-work becomes a candidate control at high-risk interfaces.
That can include client puzzles that rate-limit remote administrative actions, pricing bulk API access, or gating anomalous RPC calls that touch systems supporting shipyards, depots, and bases.
Selective reveal could signal thresholds that trigger costly verification on the attacker’s path, while concealment could quietly drain automated campaigns by converting cheap replay into material resource burn.
Our coverage of AuthLN, a proof-of-work-based authentication pattern that prices login abuse, showed how economic friction changes attacker return on investment at the point of contact, providing a micro example of SoftWar economics at work.
The amendment’s related reporting rails matter for execution.
Section 1545 requires annual Mission Assurance Coordination Board reporting on defense-critical infrastructure cyber risk and mitigations, creating an oversight channel that can surface where cost-imposition would bite the hardest.
Section 1093’s critical-infrastructure tabletop exercises call out energy, water, traffic control, and incident response, the civilian dependencies that underpin defense missions. Those venues are suitable for piloting proof-of-work-priced access against traditional rate limits, especially at public-facing or cross-domain choke points where bots have a cost advantage.
For practitioners, Section 1543 creates a near-term modeling agenda that blends doctrine and engineering.
One line of effort is to quantify attacker cost per action across authentication, administration, and service endpoints when adaptive proof-of-work is applied.
Another is to measure the half-life of adversary persistence after public burns and synchronized sanctions or export controls, using dwell-time windows as a proxy for raised operating costs. A third is to track doctrinal traction by counting official uses of ‘impose costs’ or ‘cost-imposition’ in DoD and CISA outputs once the study is underway.
| Metric | What it captures | Where to apply | SoftWar tie-in |
|---|---|---|---|
| Attacker Cost per 1,000 gated actions | Incremental cost to execute login/API/admin actions under proof-of-work | Remote admin, password resets, bulk API, anomalous RPC | Prices abuse so automation loses cost advantage |
| Persistence half-life after public burn | Time from advisory to eviction and retooling | Virtualization control planes, identity providers, OT gateways | Measures capital and time costs imposed on adversary |
| Policy traction index | Frequency of cost-imposition language in official outputs | DoD, CISA, ONCD issuances and pilots | Signals institutional adoption of cost design |
The most common pushback against proof-of-work is the energy overhead. The systems contemplated here are not global puzzles plastered across every endpoint.
The design space is right-sizing and adapting proof-of-work at critical choke points, where tipping attacker ROI negative yields outsized defense benefits, which is exactly what a cost-imposition mandate asks the Pentagon to consider.
Rate limits and CAPTCHAs already exist; however, they do not force non-spoofable resource burn on the attacker. SoftWar’s premise is that priced actions beat friction, converting cheap spam and brute force into measurable expense.
The AuthLN pattern offers one blueprint for how such pricing can fit into existing authentication stacks without reinventing upstream architecture, aligning with Section 1543’s encouragement to integrate with other agencies, industry, and academia.
Scenarios to watch over the 2026 horizon flow directly from the statutory tasking.
A pilot that attaches dynamic proof-of-work stamps to high-risk actions within defense-critical infrastructure dependencies would test economic DDoS mitigation and abuse-resistant administration.
A public burn-and-sanctions playbook for another BRICKSTORM-like disclosure would aim to force the adversary to retool while synchronizing diplomatic and economic instruments. Coalition norms that use cost-imposition language could formalize a persistent economic friction against spam and mass automation at public-sector endpoints, complementing episodic takedowns with sustained deterrence.
Each move can be tracked against the metrics above and reported through the MACB channel set by Section 1545.
Section 1543 states that the Secretary of War (formerly Defense) shall conduct a study on the use of military capabilities to increase the costs to adversaries of targeting defense-critical infrastructure in cyberspace.
It defines imposed costs as actions that produce economic, diplomatic, informational, or military consequences sufficient to change adversary behavior. The report is due Dec. 1, 2026.
The post Has Congress quietly forced the Department of War to use Bitcoin to bankrupt Chinese hackers? appeared first on CryptoSlate.
