Such a "law" already exists in some countries
I know that where we are, we're legally in the clear if we mount a DDoS on networks that seek to hack our infrastructure, provided we preserve the evidence. However, the problem is that traffic is easy to fake, either at IP level if you're not concerned about return traffic, or via proxy through a hacked resource like a breached WP site, so we could end up being used to zap an innocent entity who just has rubbish security. You may consider that deserved, but that's not how we tick.
The funny thing is that if other countries implement such a measure, the US will get blasted from all over the place given how often US companies and government get breached.
The recipe is thus:
1 - re-hack OPM and install a proxy
2 - hack whitehouse.gov
3 - as bonus, maybe hack trump<anything>.com
4 - point them at each other
5 - buy popcorn and watch the show.
Where did all the smart people go? Canada?