Final flight: STS-107 seconds after liftoff. NASA
Space shuttle program manager Ron Dittemore told reporters at the first press conference following the Columbia disaster that NASA would find out what went wrong with the spacecraft and fix it. But if the past is prologue, then part of what went wrong lies within NASA itself.
This is America's third spacecraft tragedy. Three astronauts perished in 1967 when fire broke out in the Apollo 1 capsule during a launch rehearsal. And then there's 51-L, the official designation for the last flight of space shuttle Challenger, which was destroyed seconds after roaring skyward in 1986. In both cases, review boards found that the root of the problem lay as much in humans as in hardware.
At the time of the Challenger disaster, NASA management estimated the odds of losing a spacecraft at 1 per 100,000 launches. Taken at face value, this meant that a shuttle could be launched, on average, once each day for 300 years with the loss of only one orbiter. Yet working engineers gave estimates a thousand times greater, closer to 1 in 100. It was a disconnect between two NASA cultures that had fatal consequences.
In the post-Challenger era, engineers employed new techniques for risk analysis. A 1995 study by Science Applications International Corp. (SAIC) determined that the median risk of a catastrophic accident caused by shuttle hardware failure was 1 out of every 131 launches. The most likely value, that which fell within the study's confidence limits, was just 1 in 76.
It's this latter probability that is now frequently cited as having been "almost right." In fact, such numbers really don't mean very much. For a system as complex as the space shuttle even the best assessment will underestimate the risks of fatal accidents. Just to approach such an analysis, engineers must simplify the shuttle's complexity by identifying critical systems. They then examine the probabilities of various failures in those systems and from these determine the risk for the space shuttle as a whole. Yet even a fault in a non-critical component can begin a cascade of failures that results in what is politely termed LOV/C, or a loss of vehicle and crew. Any calculation of the reliability of such a complex system is ultimately just a best guess.
The grim truth we learned on the morning of February 1 was that, with current procedures, technology, and management, the probability of losing a shuttle from all causes is no less than 1 in 56. This number, which is based on our actual performance and not guesstimates, is the only one that matters. It has been argued that this amounts to a 98 percent success rate. But turn it around and you'll find great odds for a Powerball jackpot.
One lesson from aviation is that most accidents occur during takeoff and landing. Challenger focused our attention on launches. After two decades of successful shuttle reentries, Columbia highlights the opposite side of the equation.
There's an old saying that the safest airline to fly is the one with the most recent accident. The idea is that safety margins gradually slip over time until the scrutiny attending an accident forces a correction. The Rogers Commission investigation of the Challenger accident revealed just such a trend, finding that strict adherence to established flight readiness criteria became more relaxed over time.
"The argument that the same risk was flown before without failure is often accepted as an argument for the safety of accepting it again," concluded commission member Richard Feynman. "Because of this, obvious weaknesses are accepted again and again, sometimes without a sufficiently serious attempt to remedy them, or to delay a flight because of their continued presence."
The Challenger disaster was caused by a known problem that was allowed to persist. Although the investigation has just begun, it seems unlikely that this is the case with Columbia. But I am aware of at least one recent incident that appears to demonstrate NASA's willingness to accept greater risks.
In August 1993, the possibility of a large outburst from the Perseid meteor shower led NASA to postpone the launch of STS-51 and space shuttle Discovery. It was the first time a space mission was rescheduled due to a meteor shower. By avoiding the main activity, mission planners reduced the risk to both astronauts and vehicle. It was a prudent decision. A European communications satellite named OLYMPUS was fatally damaged during the outburst and its operators consider the most likely cause to be a strike from a Perseid particle.
Beginning in 1998, astronomers predicted far more significant outbursts from November's Leonid meteor shower. Built-in shielding protects the International Space Station from impacting space debris and meteoroids, but the space shuttle fleet lacks the same protection. An under-appreciated aspect of space flight is that the risk of fatal damage to a shuttle orbiter from a collision with space debris or meteoroids is about 1 in 200. Incorporating this additional risk factor dramatically increases the likelihood of a shuttle disaster. Not surprisingly, no shuttle flights were in orbit or scheduled for launch near the Leonid activity peak from 1998 through 2001.
In November 2002, as in previous years, engineers at NASA's Marshall Space Flight Center in Alabama and Goddard Space Flight Center in Maryland advised spacecraft operators how to safeguard their unmanned satellites from an expected storm of Leonids. Yet STS-113 sat on the pad ready for a November 11 launch. Had it flown on the original schedule, space shuttle Endeavour would have been in orbit at the storm's peak. As it happened, an oxygen leak in the crew compartment forced managers to postpone the flight until the Leonids had passed. But why was a flight scheduled to be in orbit when the risk of a meteor storm was at least as great in 2002 as in earlier years?
announced last December that "educator astronaut" Barbara Morgan would fly on a mission to the space station later this year. Morgan was Christa McAuliffe's understudy in the Teacher in Space program, which was suspended after Challenger blew up. Space travel, it seemed, had finally become safe enough that we could pick up where we left off. As with Challenger, the Columbia disaster kicks us right in the assumptions.
Space shuttle Columbia approaches touchdown near the end of its first mission, STS-1, in 1981. NASA
The risks from spacecraft accidents are not exclusive to astronauts, as the people of eastern Texas and western Louisiana have learned. Property damage from Columbia's falling debris has been minimal and, amazingly, injuries have not been reported. Perhaps future recommendations will call for reentry corridors that fly over as little land area as possible. Shuttle missions may also fly a more restricted range of orbits, allowing troubled vehicles to divert to the International Space Station in the event of an emergency. Even if Columbia's astronauts had been alerted to a problem, the fuel required to execute such an orbital change far exceeded its supply.
The news in the coming days and weeks will be filled both with the minutiae of Columbia's last moments and with the broader issue of NASA's funding levels. We'll hear questions about the wisdom of privatizing its space flight operations, which began in the 1990s. Many will emphasize the age of the current system and the need to develop a more cost-effective path to space, just as others will call for wholesale abandonment of human space flight.
But in the near term the remaining space shuttles will continue to fly, if only because the space station needs them for the periodic boosts that keep it from falling to earth. In that sense, the current crisis seems less severe than that which followed Challenger.
So hail Columbia.
Let's fix whatever errors in hardware and management the investigation reveals.
Let's once again acknowledge the substantial hazards of space flight, and with eyes fully open admire the courage of those who embrace these risks to fulfill their vision.
Let's continue the mission.