SS7 is from an era when big phone companies all trusted each other and interconnected without any of the modern crypto or authentication built into a modern network.
It's not like these are long-term government employees, they are taking big paycuts in anticipation of getting private sector gigs later.
1) Most of the spam calls are spoofing numbers, so it doesn't really matter who issued the numbers.
2) Spam calls could come from overseas numbers instead, I've certainly gotten a few. I'd rather they come from US numbers, so at least when people call back, they're not paying an arm and a leg for the call if they don't realize the number is non-US.
However, there are many companies, especially overseas, that either deliberately shirk these duties or simply lack the funds, technology, and infrastructure to authenticate the sources of telephone calls. The result is something akin to IP address spoofing.
Without imposing major infrastructure overhauls on foreign nations, there's little the US government can do to eliminate these problems.
What can be done though, is monitoring for massive calling patterns at the PSTN level, but big telcos are not interested/incentivized in stopping Robocalls because it generates a lot of $$ when the calls travel over the legacy phone network.
When Twilio gets a $100k fine for abuse of the $1/mo number, they'll govern the behavior of their customer better and probably eliminate 80% of the bad actors in hours. You could also modify the regulation of interstate carriers to make it expensive to spam entire exchanges with junk calls, or even require licensing to utilize the PSTN. (Which allows you to punish licensees for bad behavior.)
These are all solvable problems, big companies respond quickly to sticks and over time to carrots.
What am I missing?