Chinese President Xi Jinping and President Barack Obama at the White House on Friday. (Kevin Lamarque/Reuters)

WHAT DOES it mean when the leader of a huge nation announces that it will not engage in destructive behavior — after years of engaging in it? That is the question about President Xi Jinping’s comments to the effect that China will not wage a cyberwar on the United States for valuable commercial secrets and intellectual property. In fact, China has been intensively and actively stealing them for a long time. Retired Gen. Keith Alexander, a former director of the National Security Agency, once called such cyberattacks “the greatest transfer of wealth in history,” referring to the draining of blueprints and trade secrets from U.S. companies and government networks. Does Mr. Xi really intend to stop this, or is he just practicing spin and damage control?

President Obama, in his joint news conference with Mr. Xi at the White House last week, announced that “our two countries have reached a common understanding” on cyberattacks. “We’ve agreed that neither the U.S. or the Chinese government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information for commercial advantage.” Mr. Xi echoed the pledge, and in Seattle last week he declared, “Cybertheft of commercial secrets and hacking attacks against government networks are both illegal; such acts are criminal offenses and should be punished.” The two nations have agreed to establish a hotline and a “high-level joint dialogue” about cyberconflict, Mr. Xi said at the White House.

If all these statements are taken at face value, they represent a stunning retreat by China from theft and intrusions that provoked howls of protest in recent years. It strains credulity that China has changed all of a sudden. The modifier “knowingly” in the statement is also a bit suspicious because China and Russia have used shadowy organizations to mask their meddling.

But even if Mr. Xi’s statements are questionable, they offer an opportunity in the long and so far fruitless quest to stop Chinese cyberintrusions. Now, at least, there is a benchmark statement by the Chinese president by which to measure China’s future behavior. Every Chinese cyberattack in the future ought to be held up against Mr. Xi’s pledge at the White House. “The question now is, are words followed by actions?” Mr. Obama told reporters. “It has to stop.”

If the hacking does not stop, it becomes more urgent than ever that Mr. Obama be prepared to use sanctions in response. Congress and the president also must strengthen the defense of vulnerable U.S. networks, both public and private. Given the daring nature of recent cyberattacks, such as the espionage operation that drained the Office of Personnel Management of sensitive records on millions of Americans holding security clearances, the United States is under siege. Jawboning China to stop attacking is fine, but only while repeating another famous axiom: “Trust, but verify.”