As NASA readies Space Shuttle Atlantis for launch this month to resume construction of the International Space Station (ISS), agency officials are confident that they’ve finally put to rest the engineering problems that caused the 2003 Columbia accident. At the same time, they’re well aware of the difficult road ahead. The Shuttle is scheduled to fly at least 16 more missions between now and 2010—a pace roughly equivalent to the program’s historical average. Yet money is tighter than ever, the agency’s attention is shifting to future lunar missions, and the remaining station assembly missions will be among the most challenging in the Shuttle’s 25-year history.
We asked a group of experts to assess NASA’s chances of meeting its own 2010 deadline for finishing construction of the ISS and retiring the Shuttle. Below is a log of their discussion, conducted by e-mail between August 8 and August 13. The participants were:
Scott Hubbard holds the Carl Sagan Chair for the Study of Life in the Universe at the SETI Institute in Mountain View, California. Hubbard was director of NASA’s Ames Research Center from 2002 to 2006, and was a member of the Columbia Accident Investigation Board.
Tom Jones flew four times on the Shuttle before retiring from NASA in 2001. A scientist, speaker and author, his latest book is Sky Walking: An Astronaut's Memoir.
Howard McCurdy is a professor of public affairs at American University in Washington DC who specializes in space policy and history. His books include Space and the American Imagination.
Joseph Rothenberg is President of Universal Space Network in Newport Beach, California. Before leaving NASA in 2001, he was the agency’s associate administrator for spaceflight, responsible for the Shuttle and space station programs.
Tony Reichhardt is a Senior Editor at Air & Space magazine.
Reichhardt: Let’s assume the Shuttle really is “back” -- that the foam is fixed and that the next flight will be as clean in terms of falling debris as the last one was. If so, NASA will have spent three and a half years and more than $2 billion recovering from the Columbia accident. Not all that time and money was spent on the foam problem, obviously, but a lot of it was. From a purely engineering point of view, should it have taken this long to fix what is, after all, a minor component of the whole Shuttle system?
Jones: The astronaut in me says, “I’m sure glad they were that thorough in beating down the foam problem to what now seems a reasonable (though not perfect) level.” Given the lack of knowledge we had about the foam loss mechanism right after Columbia, finding a fix was not trivial given the acreage of foam and the many contours of the External Tank (ET). Throw in Hurricane Katrina delays, and the time required is not surprising. With NASA’s desire not to be second-guessed after committing to a launch date (recall the negative publicity after the post-STS-114 “grounding” last year), the flight schedule kept slipping. If NASA had anticipated the true time involved, they might have made more efficient use of the money, knowing that they would be taking things slow for 30 months. The President’s 2004 announcement of a 2010 Shuttle retirement shows how NASA underestimated the required work to return to flight.
Hubbard: As we discovered during the Columbia accident investigation, the foam debris has been an unresolved, open issue since the first flight of the Shuttle. During one of the CAIB hearings, a engineer from NASA’s Marshall Space Flight Center who had worked on the ET since the beginning remarked that “the people who designed the tank and the people who created the foam were never in the same room at the same time.” It is clear in hindsight that resolving the physics and chemistry of an insulating foam meant to operate across a huge range of temperatures and velocities is not a trivial matter. Recall that fixing the foam problem required the redesign and revalidation of significant elements of the ET. That it took years to understand is not inconsistent with solving large scale systems issues that require “after the fact” fixes to address a basic Shuttle design compromise: in this case mounting the orbiter on the side.
Rothenberg: One has to remember that in many people’s opinion, including mine, the future of human spaceflight, and maybe even NASA, could not afford another lost Shuttle—even if the crew were rescued. So NASA had to take whatever time it took to get it right. An extra year or so is a small matter in comparison to the interruption which might result from the loss of another Shuttle.
Clearly, understanding the physics behind the shedding foam, then developing and testing fixes to bring the design to an acceptable risk level, was far more complex than NASA, or I for one, anticipated. The engineers certainly were motivated to make sure they got it right, and the pendulum did swing from the operators [who want to resume flying] to the engineers. And it finally came down to a management decision to overrule the technical recommendations.
Flying the Shuttle remains a high-risk operation, and there are many residual failure modes which could result in another accident. The design has some inherent single point failures which cannot be fixed within a reasonable budget or schedule, and some single point failures which cannot be eliminated. So yes, they fixed a few things beyond the shedding tile. But significantly reducing the probability of another accident will have to wait for the next generation human spaceflight vehicle, currently expected to be the CEV [Crew Exploration Vehicle].
Reichhardt: I’m struck by the fact that, even after three years of analysis and testing of the foam and ET modifications, the decision to launch Discovery last month came down to a judgment call by Mike Griffin. It wasn’t clear-cut, and it required lots and lots of discussion. And that’s for a problem, as we’ve said, that’s been known—if not adequately studied—for years. NASA is now returning to a mode where the time between launches will be weeks, not months. They simply won’t have time to conduct every last test or talk over every engineering possibility. It’s the return of “schedule pressure.” So how do they keep the pendulum from swinging too far back toward the operators?
Jones: Joe mentioned earlier that another Shuttle loss would result in halting U.S. human spaceflight until motivation and safety caught up with ambition. I agree, and agree with the cautious approach to launching post-Columbia. Griffin’s call was correct, in my view, because we were relatively confident that the crew would survive another foam strike, and that if we hope to use the Shuttle practically, we will need to accept its many designed-in risks.
If we encounter another serious system problem, short of disaster, that will take a year and billions to fix, I would accept the inevitable and ground the Shuttle for good. The space station will have to be finished by other means. The smart move then would be to shift resources to a safer crew vehicle and unmanned heavy lift methods (existing or future boosters) to get remaining space station hardware into orbit. At that point we would also wisely debate what ISS assembly still made sense.
Reichhardt: How likely is it that over the course of 16+ flights we’ll encounter another problem that takes a year and billions to fix? 10 percent chance? 50 percent?
McCurdy: Statistically, I would estimate the probability of a flight-stopping event over the next four years of Shuttle operations to be somewhere between 5 and 25 percent. Stated in its converse form, NASA probably has a 75 to 95 percent chance of completing the planned Shuttle flights. The Shuttle remains a risky technology, but the risk is manageable.
Historically, NASA has gone to a “ground and redesign” situation in its human spaceflight program only three times—after the Apollo 204 fire in 1967 and after the two Shuttle accidents. A catastrophic accident triggered each. Actual experience puts the probability of a catastrophic Shuttle accident at slightly less than two percent per mission (two catastrophic events spread over 115 missions.) NASA officials believe that they have improved those odds through Shuttle redesign and a heightened safety culture. They probably have.
Assume that they have reduced the likelihood of a catastrophic loss from 2 in 115 to something like 1 in 350 flights. The probability of completing 16 consecutive, successful missions under that assumption would be about 95 percent. If the old odds hold, and the accident rate remains high, then the chances of completing sixteen consecutive missions fall to about 75 percent. Clearly, culture and technology matter in determining the odds of success.
I personally doubt that we will ever see another Shuttle “ground and redesign” situation like the one we have just endured. Shuttle managers will probably fly through any remaining problems, making incremental changes as they go. If the problem is big enough to stop flying, the remaining orbiters are more likely to wind up in museums than in the redesign shop.
Rothenberg: Based on Shuttle statistics alone, I would say the chances are less than 10% that there will be a significant problem requiring a major recovery effort. Having said that, I believe in practice there is closer to a 50% probability that the Shuttle will have a problem which costs more time and money to recover from than expected. One example would be a Shuttle main engine shutdown in flight, with the orbiter still reaching orbit. In the past, postfight recovery activities might have been limited to understanding and fixing the problem. Today we would have a lot of external pressure to re-evaluate all options to make it even safer.
Reichhardt: The trick for NASA management will be predicting the downtime (and the related costs) of these problems as they happen. The agency’s track record isn’t good here.
Really, it’s the used-car dilemma. When do you do the repair, and when do you buy a new car? NASA is already making payments on the new car, the CEV. But if they spend too much on repairs, they’ll have to delay buying the new one, or, as we’ve seen, start canceling other projects like the Terrestrial Planet Finder that have great public appeal.
Jones: Crippling delays are a possibility. If an ISS component goes up on Shuttle and either does not make it into place or has to be returned due to a systems problem, the next mission can’t take place. We will then face an operational review and the time to make a technical fix. I would find it hard to believe that we’ll build the entire ISS without at least one major hang-up in assembly. The transfer of the P6 truss segment (furling of its solar panels, dismounting, transit by mobile transporter (robot arm cart), and reinstallation and deployment of the arrays) is one example where a big snag could develop. But lunar missions, along with asteroids and Mars, will be just as challenging. We should try to do the job rather than give up prematurely. I would say we have an 80% chance of pulling off the Shuttle’s ISS assembly work.
I am a little skeptical of the priority and popularity of projects like Terrestrial Planet Finder, which exist only on paper and are just one of many steps toward finding habitable worlds. Mars is indeed a habitable world, given its resources, and establishing humans off-planet, where they can investigate Mars’ biological history (if one exists), would seem of more immediate interest and excitement to the public. It’s possible to do robotic exploration and astronomy in tandem with human expeditions. After all, if we find Earth-like planets, it will be centuries before a machine can visit them. Mars is a near-term destination likely to be visited in our lifetimes, or shortly thereafter.
Americans won’t care if we don’t build a TPF as soon as possible. They will care if the Chinese and Russians are taking circumlunar flights and we have no Low Earth Orbit-capable transport or access.
Reichhardt: Is there something NASA can do to improve its odds of successfully flying the Shuttle for four more years? During the CAIB hearings [Chairman] Hal Gehman called for an aggressive program to search for unknown engineering problems—“looking for trouble,” he called it. Is that happening to the extent that it should? Or would that even help at this stage of the program?
Hubbard: The issue of “aging aircraft” was the subject of much discussion during the CAIB investigation. We held a public hearing on this topic and looked in detail at the Shuttle wiring study done by my predecessor at Ames, Harry McDonald. The recommendation to re-certify the Shuttle after 2010 came from all these considerations. My sense is that the Shuttle engineering staff has been sensitized to look for problems, although funding for upgrades was diverted into Return-to-Flight activities and other more pressing concerns.
The good people of the Shuttle will keep working hard on the system as it is, but I doubt there will be significant effort into, e.g., changing out standard insulating tiles for the advanced TUFI variety.
McCurdy: Clever people can lengthen the odds favoring mission success by creating “cultures of safety” among their work teams. NASA officials showed how this works during the Apollo moon program, and the phenomenon has been demonstrated since in a number of high reliability organizations.
Among the practices that allowed NASA’s “culture of safety” to prevail over operational pressures (like schedule) was a widespread acceptance of spaceflight as a very risky endeavor. Managers were committed to the principle that every problem had to be understood before a mission flew, people talked openly, and the government maintained sufficient in-house technical capability so that people in the agency could recognize problems when they occurred. Some set the odds of a catastrophic failure on any lunar landing mission at 30 percent, yet NASA never sustained a single flight fatality through six lunar landings and one exploding oxygen tank. (The odds of completing seven consecutive landings under such conditions were a paltry eight percent.) It was a remarkable achievement.
I was pleased to see these practices resurface in the preparation for the last two Shuttle flights. Hopefully we will never again hear words like “mature…reliable…fully operational…[or] airplane” used in conjunction with the Space Shuttle. If NASA officials treat it like the high-risk, experimental vehicle that it is, they will lengthen their odds of completing the remaining missions without a catastrophic event. The risk will not disappear, but it will be managed in the best possible way.