Has Congress quietly forced the Department of War to use Bitcoin to bankrupt Chinese hackers?
The House’s new fiscal 2026 protection invoice directs the Pentagon to develop choices to impose prices on state-backed hackers who goal defense-critical infrastructure in our on-line world.
Section 1543 of the chamber’s modification orders the Under Secretary of Defense for Policy and the Chairman of the Joint Chiefs of Staff, highlighted by Jason Lowery, in session with different federal entities, to examine how navy capabilities can elevate adversary prices and scale back incentives to assault, with a briefing and report due by Dec. 1, 2026.
According to the House Armed Services Committee text, the examine should consider offensive cyber operations on their very own and together with non-cyber measures. It should develop methodologies for selectively revealing or concealing capabilities.
The mandate is exact in scope and outcomes.
The Pentagon is tasked with assessing adversary capabilities and intent, figuring out targets the place price imposition would have leverage, prioritizing aims, inventorying related Defense Department capabilities and investments, and integrating with different companies, allies, trade, and academia.
The examine should additionally assessment authorized and coverage authorities for tailor-made response choices, together with actions in opposition to pre-positioning in important networks. The modification defines imposing prices as actions that ship financial, diplomatic, informational, or navy penalties ample to change the adversary’s conduct.
Pentagon secretly exploring Bitcoin’s navy energy?
While the directive will not be about Bitcoin, it formalizes a cost-imposition framework that aligns with Jason Lowery’s MushyWar thesis, which frames proof-of-work as a power-projection system in our on-line world.
Further, the doc goes out of its approach to keep away from explicitly naming Bitcoin, opting as a substitute for broader language about “proof-of-work” and value imposition in our on-line world.
That omission could also be deliberate: protecting terminology obscure would restrict what outsiders can infer about capabilities, targets, or operational intent.
The warning additionally tracks with Lowery’s personal historical past; he has beforehand deleted posts and walked again public framing, and MushyWar itself was positioned underneath an official security review final October, underscoring that elements of this discourse have already been handled as delicate.
In prior reporting, MushyWar has been offered as a national security doctrine, not only a crypto narrative, with the core declare that proof-of-work can value abuse and make sure courses of cyberattacks uneconomical at scale.
A Department of War (previously Defense) safety and coverage assessment of the thesis positioned the idea into the reside coverage debate, and subsequent protection of a proposed U.S. Bitcoin nationwide protection coverage described a Mutually Assured Destruction method that makes use of credible, energy-backed prices as a deterrent.
Michael Saylor’s public alignment characterised Bitcoin as a digital protection system, an internet-scale cost-imposition layer, reinforcing the doctrinal framing.
The speedy context for Section 1543 is an advisory marketing campaign on Chinese state-sponsored exercise that highlights the long-term persistence of virtualization control-plane exercise.
Cybersecurity companies hyperlink BRICKSTORM backdoor to long-running VMware compromise
According to Reuters, U.S. and Canadian companies warned that PRC-linked operators used a customized Go-based BRICKSTORM backdoor in opposition to VMware vSphere, vCenter, and ESXi to set up sturdy entry for lateral motion and potential sabotage, together with a case the place entry spanned from April 2024–September 2025.
Department of War malware analysis and CISA’s report point out that the tradecraft is per pre-positioning that might be activated for disruption. Section 1543 goals to design methods to impose prices on that conduct, together with choices that mix offensive cyber operations with non-cyber instruments.
MushyWar’s lens turns the statutory language into system design selections.
If the purpose is to elevate attacker working bills, then right-sized, adaptive proof-of-work turns into a candidate management at high-risk interfaces.
That can embrace shopper puzzles that rate-limit distant administrative actions, pricing bulk API entry, or gating anomalous RPC calls that contact techniques supporting shipyards, depots, and bases.
Selective reveal may sign thresholds that set off pricey verification on the attacker’s path, whereas concealment may quietly drain automated campaigns by changing low cost replay into materials useful resource burn.
Our protection of AuthLN, a proof-of-work-based authentication sample that costs login abuse, confirmed how financial friction adjustments attacker return on funding at the level of contact, offering a micro instance of MushyWar economics at work.
The modification’s associated reporting rails matter for execution.
Section 1545 requires annual Mission Assurance Coordination Board reporting on defense-critical infrastructure cyber danger and mitigations, creating an oversight channel that may floor the place cost-imposition would chunk the hardest.
Section 1093’s critical-infrastructure tabletop workout routines name out power, water, site visitors management, and incident response, the civilian dependencies that underpin protection missions. Those venues are appropriate for piloting proof-of-work-priced entry in opposition to conventional price limits, particularly at public-facing or cross-domain choke factors the place bots have a value benefit.
For practitioners, Section 1543 creates a near-term modeling agenda that blends doctrine and engineering.
One line of effort is to quantify attacker price per motion throughout authentication, administration, and repair endpoints when adaptive proof-of-work is utilized.
Another is to measure the half-life of adversary persistence after public burns and synchronized sanctions or export controls, utilizing dwell-time home windows as a proxy for raised working prices. A 3rd is to observe doctrinal traction by counting official makes use of of ‘impose prices’ or ‘cost-imposition’ in DoD and CISA outputs as soon as the examine is underway.
| Metric | What it captures | Where to apply | MushyWar tie-in |
|---|---|---|---|
| Attacker Cost per 1,000 gated actions | Incremental price to execute login/API/admin actions underneath proof-of-work | Remote admin, password resets, bulk API, anomalous RPC | Prices abuse so automation loses price benefit |
| Persistence half-life after public burn | Time from advisory to eviction and retooling | Virtualization management planes, id suppliers, OT gateways | Measures capital and time prices imposed on adversary |
| Policy traction index | Frequency of cost-imposition language in official outputs | DoD, CISA, ONCD issuances and pilots | Signals institutional adoption of price design |
The commonest pushback in opposition to proof-of-work is the power overhead. The techniques contemplated right here usually are not international puzzles plastered throughout each endpoint.
The design house is right-sizing and adapting proof-of-work at important choke factors, the place tipping attacker ROI damaging yields outsized protection advantages, which is strictly what a cost-imposition mandate asks the Pentagon to take into account.
Rate limits and CAPTCHAs exist already; nonetheless, they don’t pressure non-spoofable useful resource burn on the attacker. MushyWar’s premise is that priced actions beat friction, changing low cost spam and brute pressure into measurable expense.
The AuthLN sample provides one blueprint for a way such pricing can match into current authentication stacks with out reinventing upstream structure, aligning with Section 1543’s encouragement to combine with different companies, trade, and academia.
Scenarios to watch over the 2026 horizon circulate immediately from the statutory tasking.
A pilot that attaches dynamic proof-of-work stamps to high-risk actions inside defense-critical infrastructure dependencies would check financial DDoS mitigation and abuse-resistant administration.
A public burn-and-sanctions playbook for an additional BRICKSTORM-like disclosure would goal to pressure the adversary to retool whereas synchronizing diplomatic and financial devices. Coalition norms that use cost-imposition language may formalize a persistent financial friction in opposition to spam and mass automation at public-sector endpoints, complementing episodic takedowns with sustained deterrence.
Each transfer could be tracked in opposition to the metrics above and reported by way of the MACB channel set by Section 1545.
Section 1543 states that the Secretary of War (previously Defense) shall conduct a examine on the use of navy capabilities to enhance the prices to adversaries of concentrating on defense-critical infrastructure in our on-line world.
It defines imposed prices as actions that produce financial, diplomatic, informational, or navy penalties ample to change adversary conduct. The report is due Dec. 1, 2026.
The publish Has Congress quietly forced the Department of War to use Bitcoin to bankrupt Chinese hackers? appeared first on CryptoSlate.
