Now that the potential for multiple pitot heads to be offlined by a single meteorological phenomenon has been clearly established by the recent spate of incidents, the current system, shown to have no redundancy to this catastrophic failure mode, becomes a single point of failure in the safety analysis and as such will have to be addressed.
I don't agree that such a failure condition (common mode or single point) need be considered catastrophic.
The idea is that you must have enough presumed barriers present to make it extremely improbable to result in a catastrophe.
So even if the pitot icing is presumed to be present, the investigation needs to examine all the other presumed barriers that might have been overcome.