Virginia Division of Legislative Automated Systems

The Virginia Division of Legislative Automated Systems (DLAS), also known as the Virginia Legislature's IT Agency, is the central technology provider for the Commonwealth of Virginia's legislative branch. Headquartered in the United States, its core mission involves developing, maintaining, and securing the critical information systems that support the state's lawmaking processes. This includes managing the essential platforms for bill drafting and budget management, which are fundamental to legislative operations. The agency also oversees communication infrastructure such as voicemail services for legislative offices and maintains the official website for the Virginia Capitol Police, thereby supporting both administrative and security functions of the legislature. Its services are exclusively dedicated to enabling the work of the Virginia General Assembly and its associated entities, ensuring the technological foundation for drafting, tracking, and managing state legislation and fiscal policy.

The agency's operations and resilience were severely tested by a sophisticated ransomware attack on December 10, 2021, an incident noted as the first known ransomware event to directly target a U.S. state legislature. The attack occurred over a weekend and critically disrupted key systems, including those for bill drafting and budget management, while also taking the Capitol Police website offline. This disruption happened during the final preparatory stages before the legislature's session, significantly hampering legislative readiness. In response, DLAS activated its incident protocols, collaborating closely with the Federal Bureau of Investigation, the cybersecurity firm Mandiant—which had been previously retained following an earlier credential breach—and IT personnel from the state executive branch. The coordinated remediation effort successfully contained the incident without compromising any executive branch systems, demonstrating a clear segmentation between legislative and executive IT environments. Although a nonspecific ransom demand was left by the attackers, the focus remained on recovery and continuity. Crucially, core police communication systems remained operational throughout the crisis, preventing a total loss of critical security functions. This event established a significant precedent for state legislative cybersecurity, highlighting both the vulnerability of these institutions to advanced threats and the importance of established cross-agency response partnerships for effective recovery.