Carly Fiorina says U.S. didn't address cybersecurity in economic dialogues with China

Former Hewlett-Packard CEO Carly Fiorina recently took President Barack Obama and Hillary Clinton to task on the issue of cybersecurity, via a column posted on Medium. She said Obama and Clinton have left the United States "woefully uprepared for cyberterrorism."

Fiorina said cybersecurity is "a critical piece of our strategy to defeat ISIS and restore American leadership in the world." She made a number of assertions in that column; here we’ll look at one she made about the United States’ efforts to prevent cyber attacks from China.

"When we held recent economic dialogues with China," Fiorina wrote, "we agreed on over 100 different things —  including wildlife trafficking and volcano research. None of these 100-plus points of agreement addressed cybersecurity."

China has been implicated in past data breaches, including perhaps the most far-reaching hacking incident so far, which accessed a large cache of sensitive personal data held by the federal Office of Personnel Management.

Campaign spokeswoman Anna Epstein told us that Fiorina was referring to a news release in which the White House summarized 127 areas of agreement reached in June 2015 at the Strategic & Economic Dialogue, a periodic summit between high-level representatives of the United States and China.

Fiorina has a point that none of the 127 items on that list explicitly addressed cybersecurity. However, her argument is weaker if one looks beyond that list of 127 items: Fiorina ignored a subsequent agreement between the United States and China that dealt directly with cybersecurity.

But let’s start with the summit. In their public addresses at the summit’s opening, Vice President Joe Biden, Secretary of State John Kerry and Treasury Secretary Jack Lew each said that cybersecurity was an important issue for U.S.-China relations, and Chinese Vice Premier Wang Yang agreed in his speech.

The cybersecurity discussion -- a thorny one -- apparently did not lead to an agreement by the end of the summit, though experts told PolitiFact it may have been covered within the 127-point list by point 4, which confirmed the existence of "candid, constructive discussions between the two sides on strategic security issues."

The biggest problem with Fiorina’s claim, though, is that it fails to account for significant developments later in 2015.

The most important of these is an agreement on cybersecurity between the United States and China announced in September. That came almost three months before Fiorina posted her column.

On Sept. 24 and 25, Obama hosted President Xi Jinping of China for a state visit. During that visit, the two leaders announced an agreement on cybersecurity. Here are some of the key elements the two countries agreed on:

Featured Fact-check

Donald Trump

stated on March 22, 2024 in a Truth Social post

The New York civil fraud judgment against Trump and a plan to seize Trump-owned property “is simply a 'taking.' Much like what is done in communist countries."

• Cooperation on investigating malicious cyber-activities coming from their territory;

• A pledge not to conduct or knowingly support cyber-theft of confidential business information to aid companies or industries;

• Efforts to promote international consensus on norms for state behavior in cyberspace;

• Creation of a "high-level joint dialogue" on cybercrime with regular meetings, as well as a "hotline" to prevent the escalation of issues.

"This was important, because China accepted that states should not conduct cyber espionage against commercial entities to create competitive advantage," said Adam Segal, senior fellow for China studies and director of the Digital and Cyberspace Policy Program at the Council on Foreign Relations.

And there have been notable developments since then, Segal has written: "There was positive follow up in the first round of cyber talks between the Department of Homeland Security and Chinese Ministry of Public Security in December 2015" when the two sides "agreed on guidelines for requesting assistance on cybercrime or other malicious cyber activities, as well as to conduct ‘tabletop exercises’ in spring 2016 and to define procedures for use of the hotline."

In addition, since Xi’s visit, the White House has worked to advance cybersecurity policies with other countries. A similar agreement between the United Kingdom and China has been struck, and there are indications that Germany would sign a "no cyber theft" deal with Beijing in 2016, Segal wrote.

Meanwhile, during the G-20 summit in November 2015, the White House announced that the leaders in attendance reached a notable consensus that international law applies to state conduct in cyberspace, including pledges not to "conduct or support cyber-enabled theft of intellectual property."

It’s worth noting that experts acknowledge significant difficulties in enforcing cybersecurity agreements. "Just three weeks after the agreement, cybersecurity companies reported new attacks on pharmaceutical companies," Segal wrote.

Our ruling

Fiorina said, "When we held recent economic dialogues with China, we agreed on over 100 different things — including wildlife trafficking and volcano research. None of these 100-plus points of agreement addressed cybersecurity."

One document listing agreements struck during a June 2015 U.S.-China summit supports Fiorina’s point, but citing that one document is a case of extreme cherry-picking. Three months later -- and three months before Fiorina published her article -- the United States and China struck a significant cybersecurity agreement, and since then, the countries have taken steps to implement the agreement and forge cybersecurity agreements with other nations.

The statement contains an element of truth but ignores critical facts that would give a different impression, so we rate the claim Mostly False.