There is only one logical/rationale option of restricting and limiting the serious damage that hacker's cause via access to the USA internet system including government, business, military, and citizens, and that option is completely BLOCK all internet traffic coming into the US. At first glance, you may say What!! Not possible. But wait, it is, and perhaps it will require legislation and the cooperation of every internet provider, but the benefits outweigh any negative impact when you consider the implications to national security, access to our power grid, military installations, our financial systems etc. The idea is not the end of internet traffic to the US, but access can be gained only one way, and that is by providing DHS with a specific indicator, designed by and operated thru DHS that can provide universal verification of the foreign ISP, its name, location and other criteria that will be verified and confirmed before DHS authorizes and allows access. I realize it will take time to develop, but its something DHS, NSA, CIA, FBI, FCC and others should work on collaborately to build and implement. The US has a poor system of checks and balances with regard to malicious attacks by Hackers, and vogue states, ie Iran, N Korea.
In addition, thos agencies above, should work together to develop the means by which any hacker attempting to flood the US market with malicious worms, will be immediately hit with a system destroying virus that is undetected, can not be blocked, and will destroy their entire system once activated