Suicide attack in Somalia kills 18 police; How US arms wound up in ISIS’ hands; Train-and-equip lives on in Syria; Internet traffic diverted through Russia; and just a bit more...

An al-Shabaab suicide bomber, disguised as a policeman, killed 18 officers and wounded 15 others after detonating a rigged vest inside a police academy in the Somali capital of Mogadishu this morning, Agence France-Presse reports this morning. "The bomber could have inflicted more casualties if he could have managed to reach the midpoint where most people were," one police officer told AFP.

The attack comes just two days after the 32nd U.S. airstrike on Somali-based extremists this year, carried out Tuesday morning 40 miles southwest of the capital. The strike allegedly hit a vehicle carrying explosives, with no estimate on how many al-Shabaab fighters may have died in the drone strike. A bit more on this morning’s attack, here.

Eyes on Somalia: AFRICOM’s Gen. Waldhauser just ordered an investigation into a deadly raid on August 25, the Associated Press reported Wednesday.   

The short read: “Waldhauser has asked the Naval Criminal Investigative Service to look into the details of the raid in Bariire village by Somali troops supported by U.S. special operations forces. The decision comes just two weeks after Africa Command released a statement discounting reports that several civilians, including children, were killed in the attack.” It also follows this damning report from The Daily Beast, published in late November.

From Defense One

Pentagon Delays Deadline For Military Suppliers to Meet Cybersecurity Rules // Marcus Weisgerber: The goal of the new regulations is to secure sensitive data on the computers and networks at smaller companies.

The Pentagon's Next Terrorism Threat (and Solution): Kids // Kristin M. Lord: As ISIS-type extremism spreads, counterterrorism commanders are right to be concerned with the youth population bulge. Here's how to turn a threat into a resource.

Trump Just Signed a Dire Warning about Climate Change // Zoë Schlanger: The 2018 NDAA acknowledges and anticipates climate change as an urgent threat, in sharp contrast to his administration's past denials.

Five Ways the 2018 Defense Bill Will Change Pentagon IT // Frank Konkel and Heather Kuldell: From a half-billion dollars for modernization to a closer look at bid protests, the NDAA may have a quick impact on defense IT.

The National Security Strategy Commits the US to a Lonelier and Less Generous Course // David Frum: As previewed by H.R. McMaster, the new NSS contrasts strikingly to the visions of other recent presidents.

Welcome to this Thursday edition of The D Brief by Ben Watson. Email us. And if you don’t subscribe already, consider subscribing. It’s free. OTD1972: Navy Capt. Eugene Cernan stepped off the moon’s surface, the most recent human to do so.

Two big reports on how ISIS manufactured its very own weapons — with some traceable back to the U.S. The first report comes from Wired, written by a former explosives ordnance disposal man and Iraq war vet. Brian Castner, along with Damien Spleeters of Conflict Armament Research, traveled to Mosul and Tal Afar, Iraq, in September to find — as Castner puts it — “more ordnance than I saw in my two combat tours combined.”
Armed with a list of 1,832 weapons and 40,984 pieces of ammunition picked up across Iraq and Syria, they have gathered "the most comprehensive ­sample of Islamic State-captured weapons and ammunition to date.”
The Wired report is a very long read. But here’s a useful excerpt to help guide you: “Most next-generation terrorism and future-of-war scenarios focus on artificial intelligence, drones, and self-driving car bombs. But those are, at best, only half the story, projecting white-collar America’s fears of all the possible dystopian uses of emerging technology. The other, and potentially more worrisome, half lies in the blue-collar technicians of ISIS. They have already shown they can produce a nation-state’s worth of weapons, and their manufacturing process will only become easier with the growth of 3-D printing.” The full report begins, here.

The second report comes from John Ismay and the former Marines of the New York Times, C.J. Chivers and Thomas Gibbons-Neff. Their BLUF: “Humanitarian de-miners, former military explosive ordnance disposal technicians and arms analysts working in areas captured from the Islamic State provided The New York Times with dozens of reports and scores of photographs and drawings detailing weapons that the militant organization has developed since 2014… The records show the work of a jihadist hive mind — a system of armaments production that combined research and development, mass production and organized distribution to amplify the militant organization’s endurance and power.”
The big fear, echoing Wired’s report: “They’re spreading this knowledge all over the world,” said Ernest Barajas Jr., a former Marine explosive ordnance disposal technician who has worked with ordnance-clearing organizations in areas occupied by the Islamic State. “It’s going to the Philippines, it’s in Africa.” He added, “This stuff’s going to continue to grow.” Read on, here.
BTW: The Pentagon’s FY 2018 budget request includes $500 million for a Syrian Train & Equip program, the Atlantic Council’s Aaron Stein noticed on Twitter Wednesday. So there might still be time to advance some of these post-ISIS battlefield assessments like Wired and NYTs cranked out...  

Speaking of Syria: The U.S. Air Force says Russia lied about an incident between an F-22 and an Su-35, with the USAF claiming Russia was pissed over a recent critical NYTs story, Business Insider reported Wednesday.   
The allegations from Moscow: “an F-22 Raptor maneuvered dangerously near two Su-25s before an Su-35 chased it away” over Syria on November 23. "Had an F-22 actually flown across the river into their deconflicted airspace, the Russians would have raised this on the call and it would have been discussed. Coalition deconfliction call transcripts show no such incident ever transpired," an Air Force official told BI. Story, here.

Russian diplomacy is increasingly being handled by Russia’s military, Reuters reported Wednesday in a big look at Russia’s military in the Middle East and beyond. Nothing too terribly surprising in this report. Though there is this: In the past few months, Russian Defense Minister Sergei Shoigu has been the man leading talks with delegations in Syria, Israel, Qatar, Egypt, Sudan and Libya. All that while the foreign minister appears to be taking a vacation from all things Syria.  

President Trump’s skepticism of U.S. intelligence on Russia is leaving an “election threat unchecked,” the Washington Post reports this morning in a large feature. A short summary: "Interviews with more than 50 U.S. officials show that the personal insecurities of the president have impaired the government’s response to a national security threat, with Trump resisting or attempting to roll back efforts to hold Moscow to account as he tries to forge a partnership with Russian President Vladimir Putin." Dive in, here.

Why was traffic from some of the biggest websites diverted through Russia? For six minutes — or maybe two hours — web traffic from Apple, Facebook, Google, and Microsoft was routed through “a previously unknown Russian Internet provider Wednesday under circumstances researchers said was suspicious and intentional,” reported Ars Technica. “The unexplained incident involving the Internet's Border Gateway Protocol is the latest to raise troubling questions about the trust and reliability of communications sent over the global network. BGP routes large-scale amounts of traffic among Internet backbones, ISPs, and other large networks. But despite the sensitivity and amount of data it controls, BGP's security is often based on trust and word of mouth.”
Something similar happened in April, when “traffic from MasterCard, Visa, and more than two dozen other financial services were briefly routed through a Russian government-controlled telecom, also under suspicious circumstances.” Read Ars, here.

Jailed Russian hacker points to government involvement with Kaspersky. Washington Post: “Kaspersky Lab, a Russian cybersecurity firm, has long asserted its independence of the Russian government. But a court document posted on the Facebook page of a Russian criminal suspect this year shows what appears to be an unusual degree of closeness to the FSB, the country’s powerful security service.” Read on, here.
ICYMI: The U.S. government is slowly deleting Kaspersky software from its computers. Get the backstory from Defense One’s coverage, here.

For your eyes only. “How long can a BBC reporter stay hidden from CCTV cameras in China?” Correspondent John Sudworth “was given rare access to put the world's largest surveillance system to the test,” and you can watch that less-than-3-minute report, here.

Finally today: We missed it, but a day behind isn’t too late to celebrate the 381st birthday of the National Guard. Churn through a baker’s dozen photos of the soldiers at work in various capacities, via Business Insider, over here.