EU countries should put in place a framework to manage cybersecurity risks at EU institutions, the European Commission said on Tuesday amid concerns about rising cyber attacks that could disrupt key activities and steal sensitive information.

The proposal is part of a package of draft rules by the EU called the Cybersecurity Regulation that also aims to create a Cybersecurity Board to monitor the implementation of the new rules.

“In a connected environment, a single cybersecurity incident can affect an entire organization. This is why it is critical to build a strong shield against cyber threats and incidents that could disturb our capacity to act,” Budget Commissioner Johannes Hahn said in a statement.

Under the draft rules, all EU institutions, bodies and agencies will have to identify cybersecurity risks, set up a plan to improve their cybersecurity, do regular assessments and share details about incidents.

The commission also proposed an information security regulation that will create a minimum set of rules and standards for all EU institutions.

Governments have warned for weeks that Russia or its allies could carry out cyber attacks in retribution for sanctions, leading banks to increase monitoring, scenario-planning and line up extra staff in case hostile activity surges.

Earlier this month, EU ministers called for the setting up of a cybersecurity emergency response fund to counter large-scale cyber attacks.

(Reporting by Foo Yun Chee; editing by Mark Potter)