You can't add security to code as an afterthought. It has to be designed and incorporated into the very core to have any real hope of being effective.
Adding security rather than incorporating it doesn't automatically make it an afterthought. In fact I would argue that separating security rather than incorporating it is the optimal solution. Incorporation is the primary weakness the NSA is exploiting right now.
Here's one of the more obvious examples. Let's say you're using Windows 8. If you use a Microsoft cloud-based login, use BitLocker to encrypt your drives, and SkyDrive to store files on the cloud all the NSA has to do is get insider access to Microsoft to compromise all of that. And in fact that's exactly what they've done.
The solution isn't incorporation but rather separation and redundancy. You are absolutely correct that it needs to be designed into the system, but one of the essential elements of that design is that it can't be a single, monolithic system. Eliminating single points of failure is one of the core elements of good security.
Much like any of today's operating systems, network protocols, or applications - security is as much a product of "good enough" engineering as everything else.
That's certainly a good point at least on the OS and application levels. However I would argue network protocols are simply the wrong place to focus on security. The primary focus of networking protocols is, and always should be, reliable connections and delivery. Anything that interferes with or complicates that, including security, will always be an afterthought.
Besides if you haven't already addressed security before you reach the network you've already conceded the battle. Good security needs to use the network, once again to eliminate single failure points, but it needs to be separate from the network. The network needs to be just another (relatively small) component of security.
Like I said you're absolutely right it's a systemic rather than isolated problem, but as I've said elsewhere the solution is to rethink the entire system from the ground up. That means starting with the user and hardware, working your way up to the OS, then the applications. At each point where new hardware or user interaction comes into play you back up and start from that level again. That's how you create a system that's both functional from a technological level and still usable on a human level.
And of course that actually starts with the human element in government. Without transparency and accountability any and all security measures are weakened or even nullified completely. As I've been saying for the last couple months, though, that's already happening and will continue to happen. The US government's primary source of power is the illusion of their significance to the rest of the world.
What they still don't understand is that not only do other countries not need us (meaning our economic infrastructure) the way they did even 10 or 20 years ago, but also that the same goes for US citizens.