Yes, anything can be changed. The argument revolves around should it and how? These questions however cannot and should not be debated by people like 'the professor' who simply see the internet as a 'series of tubes'.
In the world of physical security we secure things via (my favourite principle) 'least privilege'. We secure rooms, floors and even entire buildings via this principle. It is when an individual human is compromised (ie. a security guard etc.) that breaches in our systems happen. The same happens in the digital world. The only way to truly secure anything in the digital world is using the 'least privilege' computing principle (anyone worth anything in the industry knows this) so then why are breaches still so common and seemingly becoming more so? Because the individual users are still being compromised faster than they are being secured. The individual users and their digital machines are the weakest link in world 'internet security', not actually 'the internet' (network infrastructure) itself. This is the 'key something' real network engineers understand and something Mr. Professor does not.
More often than not, the 'heads of security' I've encountered in my many many years of service in IT, resemble the fat doughnut-eating security guards who are seen to 'protect' our sensitive buildings when the reality is the 'least privilege' enforced by the elevator card-access systems, fingerprint/retina scanners etc. are the ones actually doing the protecting.
Once again, there is little to no point in debating how to change something, when you really know next to nothing about why it works in the first place. The good professor should stay good at what he knows, and leave the other things up to those who specialize in the correct field(s).