Every data packet of information travelling across the internet should be required to contain accurate information regarding its origin and destination. This way, malicious or inaccurate information could be traced and its authors punished.
Certain websites should at least have the possibility to ask for such information like point of origin of any data packet received, and perhaps other relevant information.
Spoofing, on any medium, should naturally be illegal.
Internet connected devices should require the user to set their own password. At the very least such products should not come with preset, default, generic passwords.
The penalty for merely accessing an unauthorized account should be a minimum of $100 per account compromised.