The House's new fiscal year 2026 defense bill directs the Department of Defense to develop options to impose costs on state-sponsored hackers who target defense-critical infrastructure in cyberspace.
Section 1543 of the House amendment, highlighted by Jason Lowry, would direct the Under Secretary of Defense for Policy and the Chairman of the Joint Chiefs of Staff, in consultation with other federal agencies, to study how military force can increase costs to adversaries and reduce incentives to attack, with a briefing and report to be submitted by December 1, 2026.
The study should evaluate offensive cyber operations, both in isolation and in combination with non-cyber countermeasures, according to a House Armed Services Committee document. There is a need to develop methodologies for selectively revealing or concealing capabilities.
This mission is precise in scope and outcome.
The Department of Defense is tasked with assessing adversary capabilities and intentions, identifying targets that would be affected by cost imposition, prioritizing targets, inventorying relevant DoD capabilities and investments, and integrating with other agencies, allies, industry, and academia.
The study should also review legal and policy authorities for tailored response options, including measures for pre-positioning in critical networks. The proposed amendment defines an imposed cost as an action that has economic, diplomatic, informational, or military consequences sufficient to change an adversary's behavior.
Is the Department of Defense secretly investigating Bitcoin's military capabilities?
Although the directive is not about Bitcoin, it formalizes a cost imposition framework in line with Jason Lowry's SoftWar theory, which frames proof of work as a power projection system in cyberspace.
Additionally, the document deliberately avoids Bitcoin's explicit name, opting instead for broader language about “proof of work” and the imposition of costs in cyberspace.
This omission may be intentional. Vague terminology limits what outsiders can infer about capabilities, goals, or operational intent.
This warning also relates to Lowry's own history. He has previously deleted posts and withdrawn his publication slot, and last October, SoftWar itself became the subject of an official security review, underscoring that some of this discourse was already classified.
Previous reports have presented SoftWar as a national security principle rather than just a cryptocurrency story, with its central argument being that proof-of-work could put a price on exploitation and make certain types of cyberattacks largely uneconomical.
A review of security and policy papers from the Department of the Army (formerly the Department of Defense) incorporated this concept into actual policy discussions, and subsequent coverage of the proposed U.S. Bitcoin defense policy described a mutually assured destruction approach that uses reliable energy-backed costs as a deterrent.
Michael Saylor’s public adjustment strengthened the doctrinal framework, characterizing Bitcoin as a digital defense system and an internet-scale cost imposition layer.
The immediate context for Section 1543 is the Chinese state-sponsored activity advisory campaign, which emphasizes the long-term persistence of virtualized control plane activities.
Cybersecurity agency links BRICKSTORM backdoor to long-running VMware breach
According to Reuters, government agencies in the United States and Canada have warned that Chinese-aligned operators have used custom Go-based BRICKSTORM backdoors to VMware vSphere, vCenter, and ESXi to establish persistent access for lateral movement and potential sabotage, including in cases where access spanned from April 2024 to September 2025.
Department of the Army malware analysis and CISA reports indicate that this tradecraft is consistent with prepositioning that could be activated for disruption. Section 1543 is intended to design ways to impose costs on that action, including options to combine offensive cyber operations with non-cyber tools.
SoftWar's lenses turn legal language into system design choices.
If the goal is to increase operational costs for attackers, right-sized adaptive proof-of-work is a candidate for control at high-risk interfaces.
This may include rate limiting remote management actions, pricing bulk API access, or client puzzles to gate unusual RPC calls involving systems supporting shipyards, warehouses, and bases.
Selective exposure can signal thresholds that trigger costly verification along the attacker's path, while concealment can quietly drain automated campaigns by converting cheap replay into consumption of material resources.
Our coverage of AuthLN, a proof-of-work-based authentication pattern that puts a price on login fraud, showed how economic frictions change an attacker's return on investment at the point of contact, providing a micro-example of SoftWar economics at work.
The report related to this proposed amendment will play an important role in its implementation.
Section 1545 requires the Mission Assurance Coordination Board to report annually on defense-critical infrastructure cyber risks and mitigation efforts and creates oversight channels that can surface where cost imposition is most severe.
The Section 1093 Critical Infrastructure Tabletop Exercise calls out the civilian dependencies that support the defense mission: energy, water, traffic control, and incident response. These locations are ideal for piloting proof-of-work pricing access against traditional price caps, especially at public-facing locations and cross-domain chokepoints where bots have a cost advantage.
For practitioners, Section 1543 creates a short-term modeling agenda that blends doctrine and engineering.
One effort is to quantify the attacker's cost per action across authentication, management, and service endpoints when applying adaptive proof of work.
Another is to measure the half-life of public burns and adversary duration after concurrent sanctions or export controls, using residence time windows as a proxy for elevated operating costs. Third, once the investigation begins, we will track the doctrine's traction by counting official uses of “impose costs” or “impose costs” in DoD and CISA artifacts.
| metric | what can be captured | Where to apply | Partnership with SoftWar |
|---|---|---|---|
| Attacker cost per 1,000 gate actions | Incremental cost to perform login/API/administrative actions under proof of work | Remote management, password reset, bulk API, abnormal RPC | Automation loses cost advantage due to price abuse |
| Remaining half-life after burns in public places | Time from recommendation to eviction and equipment changes | Virtualized control plane, identity provider, OT gateway | Measure capital and time costs imposed on adversaries |
| Policy traction index | Frequency of language imposing costs in official deliverables | Department of Defense, CISA, ONCD Publications and Pilots | Signs of institutional adoption of cost design |
The most common objection to proof-of-work is energy overhead. The system considered here is not a global puzzle strung across all endpoints.
The design space is right-sized and adapts proof-of-work with key challenges. Negative ROI for attackers provides significant defensive benefits. This is exactly what the cost levy mandate requires the Department of Defense to consider.
Rate limiting and CAPTCHA already exist. However, it does not force the attacker to use non-spoofable resources. SoftWar's premise is that priced actions overcome friction, turning cheap spam and heavy-handedness into measurable costs.
The AuthLN pattern provides one blueprint for how such pricing can fit into existing authentication stacks without reinventing upstream architectures, in line with Section 1543's encouragement for integration with other institutions, industry, and academia.
The forward-looking scenario for 2026 arises directly from the statutory mandate.
A pilot that dynamically applies proof-of-work stamps to high-risk actions within defense-critical infrastructure dependencies will test economical DDoS mitigation and abuse-resistant controls.
Strategies of public grilling and sanctions for alternative disclosures, such as Brickstorm, aim to force adversaries to regroup while synchronizing diplomatic and economic tools. A federated code with cost-imposing language could formalize persistent economic friction against spam and mass automation on public sector endpoints, complementing temporary takedowns with durable deterrents.
Each movement is tracked against the metrics listed above and reported through the MACB channel established in Section 1545.
Section 1543 provides that the Secretary of the Army (formerly the Department of Defense) shall conduct a study on the use of military capabilities to increase the cost to adversaries of targeting defense-critical infrastructure in cyberspace.
It defines imposed costs as actions that produce economic, diplomatic, informational, or military consequences sufficient to change an adversary's behavior. The deadline for submitting the report is December 1, 2026.
