A couple reasons. One is that 0day vulnerabilities have no defense. There is no way to defend against certain vulnerabilities.

The second is that there are no international rules of conduct that apply to cyber warfare. After the Georgia/Russia event there was an effort to pass agreements in NATO but AFAIK nothing came of it.

The third is that that a successful attack usually means the victim remains in a compromised state for months or years (look up advanced persistent threat).

Finally, it's also usually the case that cyber attacks go completely undetected.

> the reason for defending something is because something is worth defending

Right, well the NSA does engage in defense as well. There's just less that can be done. There are hundreds of millions of devices in America with an extremely long tail of software/update state and configuration, saying nothing of networks. There's a ton to protect and even protecting small amounts is costly. This is one of the main reasons companies (and governments) are looking to the cloud - you can consolidate your threat area if you concentrate operations and run broadly the same configuration/state across many systems.

> thing being defended often includes a higher-moral-ground

But this is espionage and sabotage. It's dirty business. I don't think it's a good thing. I don't really advocate for it. I'm just here explaining the broader context of the Snowden disclosures and this article. If you missed it there was a link containing 37 other countries that have cyberwar programs (the list is not exhaustive).