The thing is, countries with vast intellectual property base have more to lose in the game, thus they should favor defense over offense. Like Schneier says, we must choose between security for everyone, or security for no-one.
Except that the big money IP owners consider piracy and loss of revenue far more important than merely securing their assets. The kinds of software they buy, DRM, copy protection, automatic DMCA takedown of automatically-detected infringing works, doesn't have any applicability to cybersecurity.
