Should DTU rely on US software?

The geopolitical situation has significantly changed in the past year. A few years ago, it would have been absurd to consider a scenario where the US army would invade Denmark. Unfortunately, the standards for absurdity have changed, and any sensible risk analysis should, today, include the case where the US becomes an adversary.

I work with software, and let me be blunt: only an incompetent engineer would design a system today with a critical dependency on US-controlled software. At DTU, we pride ourselves on training some of Europe’s best engineers.

But then why is DTU's entire infrastructure running on US-controlled software? Why is our email system running Microsoft Exchange? Why is our administrative software based on solutions from Oracle?

Every day, we demonstrate to our students that we don’t worry about critical dependencies on US-controlled software. We show our students that at DTU, we do not keep our risk analysis up to date. We show our students that at DTU, we don’t bother adapting to new realities if doing so is inconvenient.

Is that how we train the best engineers? Through daily demonstrations of not bothering to reassess risk?

I trust that the above questions hint at my personal viewpoint.

DTU is one of Europe’s strongest innovation machines. We are used to doing things in unusual ways. We are used to trying new things out.

We have a moral responsibility to society to show an alternative path. In Denmark, parts of the government and some municipalities are experimenting with replacing, e.g., Microsoft with European software, often open source software. These organizations are not ‘techies’ and they are not designed to conduct experiments. In contrast, DTU employees are highly technical and are used to trying new things (heck, we even had a “Burger lab” at some point).

Why are we not experimenting when it comes to our software infrastructure? Are we scared of experiments at DTU?

Let me return to my own personal viewpoint. Every time I am faced with a Microsoft authentication dialog, I feel embarrassed. I am usually proud of working at DTU, but seeing how we choose to be a non-experimental university when it comes to IT infrastructure is an embarrassment. We are failing in our role as society’s experimental platform. We should be leading by example, but we have taken the opposite path. This is us failing society.

I understand that replacing infrastructure is expensive. We have IT staff trained to manage, e.g., Microsoft services. We may not be able to find one-to-one replacements for software solutions, implying some systems may need to be redesigned. This will cost both time and money.

But the alternative is to blindly pretend that we are not society’s experimental platform. This we cannot afford.

Søren Hauberg
Professor, DTU Compute