PPRuNe Forums - View Single Post - U.K. NATS Systems Failure
Old 31st Aug 2023, 21:13
Neo380
Join Date: Nov 2018
Location: UK
Posts: 82
Whilst I agree with what you say, this isn't about building two entirely similar but subtly different systems. It's about how the fail-over works: if the system is allowed to crash in the event of this very rare but erroneous data being input, then what happens? It goes offline for three hours, we then wait for another four hours for the erroneous data to be 'washed out of the system', aka cleared from local memory, and then, seven hours later, we start clearing the backlog of aircraft, which will take a week?
Safety- and mission-critical systems - think power systems or train signalling, or even mobile network operations - just can't work like that. The logic has to be 'if route A fails, switch to route B' (which can't just be a carbon copy of route A); that should allow the erroneous data to be isolated without crashing the entire system. And in the (really!) very exceptional circumstance that both route A and route B end up failing at the same time, there should be a route C fail-over to cover that contingency as well.

Just having three identical route As is asking to crash the system, which has now happened, repeatedly.
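An added illustration of the fail-over argument in the post above (this is example code written for this page, not code from the poster, from NATS, or from any real ATC system). It simulates a queue of flight-plan-like records fed first to three identical copies of one handler, then to a primary handler backed by an independently written secondary. The records and the "rare but erroneous" input (a record whose route list is empty, chosen as a stand-in defect; the page says nothing about what the real bad data was) are constructed for the example; the function names are the example's own.

```python
"""Why identical fail-over replicas do not isolate bad input.

Constructed simulation for illustration only. It is not the poster's code
and not any real ATC software. The defect (route A cannot cope with an empty
route list) is an assumed stand-in for "very rare but erroneous data".
"""

# Constructed sample queue. FP003 is the poison record.
SAMPLE_RECORDS = [
    {"id": "FP001", "route": ["ALPHA", "BRAVO", "CHARLIE"]},
    {"id": "FP002", "route": ["DELTA", "ECHO"]},
    {"id": "FP003", "route": []},            # erroneous input route A never anticipated
    {"id": "FP004", "route": ["HOTEL", "INDIA"]},
]


def primary_handler(record):
    """Route A. Correct for every record its authors imagined; an empty route
    raises IndexError, which here stands for the whole process crashing."""
    route = record["route"]
    summary = f"{route[0]}..{route[-1]}"      # IndexError on an empty route
    return ("accepted", record["id"], summary)


def secondary_handler(record):
    """Route B: an independently written handler, not a copy of route A.
    It validates before it works and rejects rather than crashes."""
    if not record["route"]:
        return ("rejected", record["id"], "empty route")
    return ("accepted", record["id"], " ".join(record["route"]))


def run_identical_replicas(records, replicas=3):
    """Three identical route As. On a crash, the next replica resumes from
    the same queue position, meets the same record, and dies the same way."""
    queue = list(records)
    processed, crashes = 0, 0
    for _replica in range(replicas):
        while queue:
            record = queue[0]
            try:
                primary_handler(record)
            except Exception:                 # treat any exception as a process crash
                crashes += 1
                break                         # this replica is down; hand over the queue
            processed += 1
            queue.pop(0)
    # Remaining queue entries are the backlog that nothing could clear.
    return {"processed": processed, "crashed_replicas": crashes, "stuck": len(queue)}


def run_diverse_failover(records):
    """Route A with an independent route B behind it. When A crashes on a
    record, B handles that record; what B rejects is quarantined so the
    poison is out of the way and A can resume on the next record. If B were
    also to crash, the record is quarantined unconditionally (the route C
    contingency)."""
    queue = list(records)
    processed, quarantined, primary_crashes = 0, [], 0
    while queue:
        record = queue.pop(0)
        try:
            primary_handler(record)
            processed += 1
            continue
        except Exception:
            primary_crashes += 1
        try:
            outcome = secondary_handler(record)
        except Exception:
            outcome = ("rejected", record["id"], "route B failed too")
        if outcome[0] == "rejected":
            quarantined.append(record["id"])
        else:
            processed += 1
    return {"processed": processed, "quarantined": quarantined,
            "primary_crashes": primary_crashes, "stuck": len(queue)}


if __name__ == "__main__":
    print("identical replicas:", run_identical_replicas(SAMPLE_RECORDS))
    print("diverse fail-over: ", run_diverse_failover(SAMPLE_RECORDS))
```

With the constructed queue, the three identical replicas all crash on FP003 and leave two records stuck, whereas the diverse path quarantines FP003 and finishes the rest. The point the simulation makes is the one in the post: a replica running the same code as the primary shares the primary's defects, so it provides availability against hardware loss but not against bad input; isolating the input needs a path that does not fail the same way.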