The problem with testing software is that you can't test all combinations of input values to ensure the required output values are correct, certainly not in very large or complex systems. Failure testing is often limited to testing the alternate paths (within the software) defined in the requirements/specification. Edge cases will always catch you out.
With that in mind, critical systems like this should always fail safe, i.e. reject any invalid input, or input which causes invalid output, rather than fail catastrophically, which appears to be the case this time.
Similarly for hardware and connectivity of critical systems, no one failure should cause a system wide crash.
I wonder how often, if ever, business continuity testing, which should have enabled quick recovery, is performed.
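The fail-safe principle in the comment above, shown as an added example (not the commenter's code, and not taken from any real system): a batch of constructed "flight_id,departure_min,arrival_min" records is run through a naive processor that lets the first bad record take the whole batch down, and through a fail-safe processor that validates each record, sanity-checks the computed output, quarantines anything that fails and carries on. The record format, field names and sample data are all invented for the illustration.

```python
from typing import Dict, List, Tuple

# Constructed sample batch (not real data): times are minutes since midnight.
# Two records are malformed, one is well-formed but yields a nonsensical output.
SAMPLE_BATCH = [
    "BA123,480,600",    # valid: 120 min
    "LH456,1200",       # malformed: arrival field missing
    "AF789,9999,400",   # departure outside 0..1439
    "KL012,700,650",    # parses fine, but duration would be negative
    "EI345,60,150",     # valid: 90 min
]

MINUTES_PER_DAY = 1440


def parse_record(line: str) -> Tuple[str, int, int]:
    """Parse one record, rejecting anything that is not exactly three
    well-typed, in-range fields. Raises ValueError on invalid input."""
    fields = line.split(",")
    if len(fields) != 3:
        raise ValueError(f"expected 3 fields, got {len(fields)}")
    flight_id, dep_s, arr_s = (f.strip() for f in fields)
    if not flight_id:
        raise ValueError("empty flight id")
    dep, arr = int(dep_s), int(arr_s)  # int() raises ValueError on garbage
    for name, value in (("departure", dep), ("arrival", arr)):
        if not 0 <= value < MINUTES_PER_DAY:
            raise ValueError(f"{name} {value} outside 0..{MINUTES_PER_DAY - 1}")
    return flight_id, dep, arr


def duration(dep: int, arr: int) -> int:
    """The 'business logic': a deliberately simple computation."""
    return arr - dep


def check_output(dur: int) -> None:
    """Second half of the fail-safe rule: input that passes parsing but
    produces an implausible result is rejected as well."""
    if not 0 < dur <= MINUTES_PER_DAY:
        raise ValueError(f"computed duration {dur} is not plausible")


def naive_process(batch: List[str]) -> Dict[str, int]:
    """No per-record containment: the first bad record aborts the batch."""
    out: Dict[str, int] = {}
    for line in batch:
        flight_id, dep, arr = parse_record(line)
        out[flight_id] = duration(dep, arr)
    return out


def naive_survives(batch: List[str]) -> bool:
    """True if the naive processor gets through the batch without crashing."""
    try:
        naive_process(batch)
    except ValueError:
        return False
    return True


def failsafe_process(batch: List[str]) -> Tuple[Dict[str, int], Dict[int, str]]:
    """Fail-safe variant: each record is validated and its output checked;
    failures are quarantined (by batch index, with the reason) and processing
    continues. Only ValueError is caught: any other exception type would
    indicate a bug in the processor itself and should surface, not be hidden."""
    accepted: Dict[str, int] = {}
    rejected: Dict[int, str] = {}
    for index, line in enumerate(batch):
        try:
            flight_id, dep, arr = parse_record(line)
            dur = duration(dep, arr)
            check_output(dur)
        except ValueError as exc:
            rejected[index] = str(exc)
            continue
        accepted[flight_id] = dur
    return accepted, rejected


if __name__ == "__main__":
    print("naive processor survives batch:", naive_survives(SAMPLE_BATCH))
    ok, bad = failsafe_process(SAMPLE_BATCH)
    print("accepted:", ok)
    for idx, reason in bad.items():
        print(f"rejected record {idx} ({SAMPLE_BATCH[idx]!r}): {reason}")
```

The quarantine dictionary is the operationally important part: the rejected records are not silently dropped, they are recorded with a reason so that they can be investigated and replayed, while the valid work in the same batch is still delivered.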