Spaceflight Now

Expert says NASA lost sight of safety margin
Posted: March 25, 2003

Aloysius Casey appears before the Columbia board Tuesday. Photo: NASA TV/Spaceflight Now
An independent aerospace expert told the Columbia Accident Investigation Board today NASA managers somehow missed the obvious when it came to the potential threat of foam debris falling off the space shuttle's external fuel tank. Aloysius Casey, a retired Air Force lieutenant general with decades of experience managing intercontinental ballistic missile programs and heavy-lift launchers, implied that NASA managers allowed themselves to be lulled into a false sense of security by their own past successes.

"I'm not going to act like I'm some expert in this particular failure because I am not," he told the board during a hearing in Port Canaveral, Fla. "But I would make these observations: High-speed impacts of material on the shuttle wings are beyond the qualification envelope of the orbiter. ... Regardless of the specific sequence and the details of the failure events, it seems to me the remedy is to preclude debris from impacting critical systems during ascent or any time. I believe this was doubtless an original design requirement for the whole system, that you do not have debris impact some vehicle systems. However, I think this is a design requirement that was not achieved. Demonstrably not achieved."

Board chairman Harold Gehman could be seen nodding in agreement during Casey's opening comments.

The shuttle Columbia was destroyed Feb. 1 when a plume of superheated air burned its way into the ship's left wing, at or near the leading edge just in front of the left landing gear wheel well. The deadly breach disrupted the airflow around the orbiter during the hottest part of its re-entry and severely weakened the wing itself, setting up a catastrophic chain of events that ultimately led to the orbiter's breakup 200,000 feet above Texas.

What might have caused the breach remains under investigation, but a major suspect is impact damage from external tank foam that ripped away 81 seconds after launch and slammed into the left wing on the lower surface of the leading edge. High-speed tracking cameras show a suitcase-size piece of foam fell away from the left bipod ramp area, where the nose of the shuttle attaches to the tank.

The accident board has been looking into past flights in which foam debris fell away from the tank and examining the decision-making process that allowed the shuttle fleet to keep flying despite a known problem that was, in hindsight, clearly beyond the shuttle's design criteria.

Casey said the key issue is retaining built-in safety margins and not exceeding them. Shuttle systems are certified, based on testing and analysis, to be able to withstand a certain, specified level of stress that is above and beyond what the system might actually see in flight. But Casey said the shuttle's wings were not designed to be struck by 500 mph-foam and that the foam wasn't supposed to come off in the first place.

Shuttle program manager Ronald Dittemore has not hesitated to ground the fleet in the past to correct seemingly minor problems. But the foam shedding problem was never viewed as a safety of flight issue. CAIB members have made no secret of their concern that NASA was lulled into a sense of false security in this case and Casey seemed to agree.

"It's absolutely critical that we retain margins," Casey said. "A concerted effort needs to be made to operate within design margins, and again, I'm talking about margins that are verified and qual tested for each and every one of the subsystems. A series of successful flights does not verify margin. You may be skating on the very edge and you come up to that flight where either the environment or the hardware causes you to go negative.

"Special efforts should be made to preclude waivers or deviations in production and assembly or pre-flight checkout or any other kind of method that's used for accepting the things you've been talking about here today, that they do not, in fact, reduce the margin. And that's very difficult to decide, it requires expert system engineering judgment to look at that particular point, how we buy this thing off does not in fact reduce our margins.

"Aging and repeated use may also erode the margin unbeknownst to the operators of the system," he said. "I believe it is absolutely essential that comprehensive system engineering effort is made to not only know what the margins are, but to be sure that we protect them in all the ensuing operations."

Casey's comments clearly struck a chord with Gehman.

"Your comments are very helpful because in some of the readings we've all done as part of our review of some of these programs, that subject, of successful flights don't re-establish margins, has come back again and again," Gehman said.

He said successful flights prior to Challenger's destruction were no indication that flawed O-ring seals were safe to fly and "they should not be used to indicate everything is OK here."

"When you use the term 'qualify the system,' if you take the case of the ET for example, the external tank, we would agree in its present situation, the ET is an unqualified system because it's shedding foam continuously," Gehman said. "It wasn't designed to shed foam, we didn't design this thing to have the shuttle orbiter to be impacted by foam, therefore it's currently not qualified in the sense we're using in this room."

"Exactly. That's right," Casey said. "There's no way in my mind that you can say I'm operating within margin if I have an unknown mass impacting an aerodynamic surface."

Gehman then brought up Challenger again, at least obliquely, by questioning the very decision-making philosophy NASA uses to clear shuttles for flight, echoing discussions in hearings 17 years ago that were focused on Challenger and its O-rings.

"What we should do is we should change the operative question on the table here," he said. "The present question is that you've got to prove to me that something is unsafe before I'll change it. What we need to do is, we should require the system to prove it is safe, particularly if we have something that appears to be exhibiting anomalies. The impetus should be to prove it's safe, the burden shouldn't be on me to prove it's not safe. The burden should be on the system to prove it is safe."

"Yes I would agree with that," Casey said. "Obviously, we have to give a lot of credence to any indicators we get. But I am equally as worried about those things that, in fact, are so subtle you haven't seen them yet but in fact, the margin isn't there and you can lose it."

Of course, such a discussion benefits from 20-20 hindsight. Roy Bridges, director of the Kennedy Space Center and one of the managers who signs off on the certificate of flight readiness, or COFR, said he never had any idea the foam represented a safety of flight issue.

"To be honest, I did not think the bipod foam coming off had caused any significant damage in the program to date," he told the board today. "I believe it came off about four times before that we know of. I personally looked at every shuttle that's come back during my tenure here and I've seen no significant damage from any of the foam coming off.

"It's certainly been a maintenance concern, it's a lot of work to go out and have to repair all of those things and we don't take that lightly," he said. "We want to get to the root cause of those things and get them fixed. I personally was not aware there was any safety of flight concern with the ramp foam coming off prior to this flight. Had I been aware of that, I certainly would have put my hand up at the FRR (flight readiness review) that we would stop flying. I think this is certainly a surprise to all of us."

In answer to a question by board member John Logsdon, a space policy analyst at George Washington University, Bridges said the launch team was not influenced by any undue pressure to continue space station assembly flights. Schedule pressure was cited as a contributing factor to the Challenger disaster.

"Certainly it was something that I was aware of, trying to make sure we did not lapse back into that mode," Bridges said. "I was an active astronaut before Challenger and I was watching the flight rate go up to one a month about the time I was flying and was aware of intense schedule pressure at that time frame. So I'd say I was pretty highly tuned to trying make sure we didn't fall back into that situation."

He agreed that NASA was driving to meet the space station's initial completion date, saying "we were on a roll and we would have liked to finish it in February of '04. It would have been a brilliant achievement if we could have done that.

"But we were not going to let things like (propellant line) cracks or any other items like that that popped up be, you might say, squashed in order to meet that schedule milestone," he said. "I never felt any concern that if we brought this up to (NASA spaceflight chief) Bill Readdy or the administrator, Sean O'Keefe, that they would do anything except applaud us for letting them know we had a serious problem, we need to take a time out to fix it."

Bridges is a commander of the Air Force Flight Test Center at Edwards Air Force Base, Calif. As such, he had broad experience dealing with test programs, the problems that routinely come up and the decision making needed to work through them.

Discussing problems during flight tests of F-15 fighter jets, Bridges provided a bit of insight into how he views such issues and what it takes to consider grounding a vehicle.

"Certainly, we're interested inn anything that falls off test aircraft and anything that could cause a problem," he said. "I will tell you that the desert floor around Edwards is littered with so-called F-15 tail feathers, little flaps around the engine nozzles, and other things like that that did not work out too well on aircraft but were not thought to cause damage.

"And while we really didn't like dropping things on the desert out there, in order to get the test program moving forward we did not ground the fleet every time we had some minor thing like that happen. So it really depends on what the potential for damage was. If it was a safety issue, certainly I would engage and recommend that we stop flying until we fixed it. If it's not a safety issue, we certainly tried to come up with some kind of fix."

The problem, of course, is being able to recognize a safety issue in the first place. And that's not always easy in a system as complex as the space shuttle.

"Our challenge is to receive those (warning) messages and do something about them," Gehman said later to Casey. "That's the tricky part. I agree with you completely, your presentation made some of those things crystal clear. I would say there really are two cases. There's one where you have the indicators and you have to act on them. And the other one is where in fact, you're losing your margin and you don't have indicators. And those are the really tough ones."

Casey concluded his presentation by arguing shuttle flights will remain relatively risky events regardless of any post-Columbia changes that are implemented and that as a result, NASA should consider limiting the shuttle's crew size to the bare minimum necessary to support a given mission. He also said NASA should not launch shuttles if a mission can be conducted using unmanned rockets and/or robotic systems.

After the hearing, Gehman said the board likely will not address the issue of shuttle crew size or how the vehicle is used.

"Our recommendations, our report, will attempt to quantify the costs and the risks and the benefits," he said. "It will be up to someone else to determine what you're going to charge and how we're going to pay for those things. I doubt we will specify a crew size."

Spaceflight Now Plus
Video coverage for subscribers only:

Hubble Calendar
NEW! This remarkable calendar features stunning images of planets, stars, gaseous nebulae, and galaxies captured by NASA's orbiting Hubble Space Telescope.

Hubble Posters
Stunning posters featuring images from the Hubble Space Telescope and world-renowned astrophotographer David Malin are now available from the Astronomy Now Store.

Earth Calendar
NEW! This amazing 2003 calendar features stunning images of mountain ranges, volcanoes, rivers, and oceans obtained from previous NASA space shuttle missions.