The U.S. House of Representatives has initiated a significant new mandate within its fiscal 2026 defense bill, tasking the Pentagon with a comprehensive study to develop advanced strategies for countering state-backed cyber threats. This directive, primarily outlined in Section 1543, aims to fundamentally shift the balance of power in cyberspace by enabling the U.S. to impose substantial costs on adversaries targeting defense-critical infrastructure.
Strategic Cost Imposition in Cyberspace
Section 1543 mandates the Under Secretary of Defense for Policy and the Chairman of the Joint Chiefs of Staff to conduct a detailed assessment, with a report due by December 1, 2026. This study is required to evaluate various military capabilities, including offensive cyber operations combined with non-cyber measures, to effectively raise adversary operating expenses and diminish their incentive to attack. The amendment explicitly defines "cost imposition" as actions that generate economic, diplomatic, informational, or military consequences significant enough to alter an adversary’s behavior. Furthermore, the Pentagon is tasked with developing methodologies for selectively revealing or concealing capabilities, identifying high-leverage targets, inventorying relevant Defense Department resources, and ensuring integration with other federal entities, allies, industry, and academia.
Embracing the "SoftWar" Deterrence Model
Intriguingly, while the directive carefully avoids explicit mention of Bitcoin, its framework strongly aligns with Jason Lowery’s "SoftWar" thesis, which conceptualizes proof-of-work as a power-projection system in cyberspace. This approach suggests that by requiring attackers to expend verifiable resources (e.g., computational energy) for certain actions, the economic friction can render large-scale cyberattacks, such as automated spam or brute force, economically unviable. The study will explore how "right-sized" and adaptive proof-of-work can be applied at critical network choke points – such as client puzzles for remote administrative actions or pricing for bulk API access – to convert cheap, automated attacks into a material resource burn for the adversary. This strategic pivot aims to move beyond traditional rate limits, forcing non-spoofable resource consumption and fundamentally altering the attacker's return on investment, thereby bolstering the resilience of defense-critical infrastructure against sophisticated, state-backed threats like the recently identified BRICKSTORM backdoor activity. The initiative emphasizes systematic design choices to turn legislative intent into actionable defensive measures, with ongoing oversight channels and critical-infrastructure tabletop exercises envisioned to refine these cost-imposition strategies.
