If they were concerned about national security, they would denounce the culprit (they know what country they're coming from), and work on hardening security.
In most cases, we can't tell where traffic comes from. Between botnets, Tor, and other proxies, the best we can do is say "it looks like the attacks are coming from IP addresses from Karblockistan." Attack attribution is difficult, if not impossible. Hypothetically, I can attack your network and make it look like it came from anywhere in the world. If I want to be extra convincing, I'll use Chinese language tools so that you suspect the Chinese. An attack from Chinese IP's doesn't mean the PRC had anything to do with it.
As for the rest of your comment, have you not seen the flood of news articles on how DoD et al. are trying to hire security experts in droves? Besides, information security is a lot harder than putting bars on the windows. In many cases, you cannot know where you are vulnerable in the software (and hardware!) until after a breach, and in some of the more prominent attacks, the method was spear-phishing -- social engineering. You can't patch (or harden) stupid. Security is, always has been, and always will be a non-trivial problem.