"Failures like these are not "IT security failures", because really these shouldn't be IT systems. They are systemic failures, the blame for which lies with senior management trying to trim costs aggressively and equipment suppliers who are prepared to provide equipment that doesn't "fail safe" cheaper than equipment that does."
You can't fault the management, though. They have budgets to keep or they have to explain to financial boards, maybe even government officials with potentially serious consequences. Forget potential disasters when those officials CAN AND WILL confront you. IOW, the certain threat trumps the uncertain one.