"It's not rocket science to trace IP data to bad actors"
Actually, no it's not. It's only easy when the bad actors are known and have static assignments that are publicly available. There are a lot of easy technologies that make it next to impossible to identify bad actors, hence why any time you report being hacked or breached to authorities, they basically just say OK and move on. Making it even more difficult are the honeypots that bad actors create that are technically reverse honeypots to attract authorities while they use other means to carry out attacks. There are a huge amount of issues with finding bad actors. And once they are found, it takes them a few minutes to migrate their acting to hot nets that allow them to spin up their bad activities by a flip of a switch.
And even when they do find them, it's next to impossible to do anything about it if they are in a foreign country. So if there is a critical technology that people rely on to do something, and you just block people from using it...now you have a people problem. Let's say Huawei is bad and one day they perform a world-wide attack. If that infrastructure is in place to service millions of cell towers, what are you going to do...just turn them off and leave people without cell service?