The NSA says that about 1/3 of their budget is put towards protecting US government systems and data (though there is no way to verify that). It is extremely difficult for them to even attempt to protect non-governmental systems. The NSA was involved in SELinux, and designed the SHA family of hash functions. This, along with their certification of various cryptographic standards as acceptable for government use, seems to me to be about all they could do defensively without requiring them to have access to private systems and data.