VMS can be, and has been, used as a reflector/amplifier in a DDOS attack
with that NTP version.

DHCP to locate an NTP server? Sure, if that's around on the local
network. But many sites don't use DHCP with OpenVMS, and DHCP client
doesn't work all that well with OpenVMS servers, but that's fodder for
another day. There's no reason not to take a much simpler approach
here, and to establish a pool of default NTP servers in the default
OpenVMS install. Among those that folks don't choose to disable the
default NTP configuration and startup in this entirely-hypothetical
further integration of IP into OpenVMS, that'll cover the vast majority
of the folks installing OpenVMS. If the goal is to go full OSI here
with support for all configurations and variations, then sure, look
first for the local profile (once profiles are implemented), then any
locally-specified command configuration (or the config file if we're
going old-school), sniff for any multicast NTP servers, ask mDNS, and
then ask a DHCP server (RFC 5908). But a simple set of default
servers and network integration with a opt-out automatic startup solves
the common situations quite well without the added complexity. Yes,
additional customizations can be provided via a better user interface
than what presently exists, or by hacking around in UI-antiquity with a
manual and a text editor and a configuration file, ten meters of rope
and a torch, and do watch out for the grue.

If the VSI goal is to make OpenVMS more prevalent in the market,
there's simply no way that these sorts of fundamental UI weaknesses —
including sending people off to read arcane docs and manually edit text
files — are going to serve that goal.

The pool of NTP servers also accrues some simplistic telemetry data
that might be of interest to VSI, much like automatic patches and
related processing.
You are quite mistaken here. This is unnecessary busy-work, and
unfortunately implemented in a characteristically overly complex and
unnecessarily manual means. Outside of comparatively unusual
circumstances, there is no need for an OpenVMS system manager to ever
see or need more than a "enable and use network time?" prompt at
OpenVMS configuration, as she has far better things to deal with than
to have to learn and spoon-feed a poor user interface with a
manually-invoked text editor session. Put another way, if the
platform developers cannot design and implement a far simpler means
using defaults and a simple configure-time prompt — if they can't do
better than the current morass — then the platform developers
themselves are either fundamentally resource constrained, or — should
these user interface trade-offs and shifts onto the end-users
accumulate past what customers will accept and pay for — the platform
developers too may well be looking for other jobs, along with many of
the system managers and application developers that learned the
platform-specific incantation.

This isn't about what the system manager knows, it's about recognizing
and respecting what else she has to contend with, and working to make
her job easier and more efficient. Customer focus, "the network is
the system", making the customer more efficient, whatever you want to
call this. RTFM ain't all that and a bag of chips. Increasingly not
in the current era, and certainly not with where we're headed.
You are quite mistaken with that perception. You're not alone in that
misperception. IP network services are a fundamental part of any
modern computer. Not an add-on. This is the progression from "The
Network is the System", as DEC once used as a marketing mantra.
Unfortunately, OpenVMS development lost sight of that, preferring
instead to consider the pieces of the platform separately. Whether
VSI embraces that DEC mantra as part of their work toward the future of
the platform, we shall learn. Though they have little choice.

TL;DR: Simple is hard. But once you see and use a simpler user
interface, it greatly reduces interest in contending with UI
complexity. UI complexity such as pretty much the entirety of the
TCP/IP Services and the OpenVMS installation & configuration process,
for example. RTFM is not the best path to success, particularly when
there are approaches around that can completely eliminate the entire
manual configuration requirements — what amounts to the busy-work — for
the vast majority of the installations.