In my job before retirement, as manager I had to conduct (among many other duties) risk assessments of my organization's computer application systems. All high and medium risk areas were required to have redundant multi-located servers that would be transparent during malfuctions.
How can this happen to what should be the most risk averse system on the planet? Again, this just doesn't smell right.