The custom file system provider is not writing to a network stream because unlike FTP, the SFTP protocol is a remote file system protocol with request/response architecture. It's not stream-based, and it allows random access, so read/write requests are not even guaranteed to be sequential.
When the SFTP client is about to transfer a file, it opens the file, issues a series of read or write requests and closes the file. ReadWriteFileSystemProvider's GetContent method is called when the client opens the file, and it can be customized to return a custom Stream. Then, when the client reads a block of data, the stream's Read method will be called to retrieve this data. And when the client writes a block of data, the stream's Write method will be called to save the new data.
This means that you can implement encryption in the Write method and decryption in the Read method, but you have to take the random-access nature of the SFTP protocol into account. That makes simple stream-based encryption schemes unsuitable (at least unless you severely limit the amount of actions SFTP clients can perform). However, there are encryption methods designed with this in mind, such as XTS-AES implemented by Rebex Security.