Reduce the risks, but let our shuttles fly|
by Walter Cunningham, astronaut, Apollo 7
May 18, 2003 — Okay, so we've had another manned space disaster, the third in 40 years, and the faint-hearted are once more out to save us from the risks. They are concerned age and corrosion have taken their toll or the shuttle is too fragile or the wear and tear of going in and out of space is greater than anticipated. Rep. Joe Barton, R-Texas, goes so far as to say, "We ought to scrap the program, or limit it to transporting only cargo, not humans."
Columbia won't be the last space disaster. Unfortunately, we can spot some common factors in the three tragedies. Complacency was a factor in at least two of them and management decisions played a significant role in all three. Following the Apollo 1 and Challenger accidents, virtually everyone got on the bandwagon to make the vehicles accident-proof. In the aftermath of Columbia, we have an opportunity to break that pattern. We can become more accepting of the risk in manned spaceflight and more realistic about our expectations. We can still avoid the mistakes of spending billions of dollars and years of time for dubious or cosmetic "improvements" or adopting operational restrictions that add little or nothing to safety but have a severe impact on operational flexibility.
Following the disastrous Apollo 1 launch pad fire that killed the crew, dozens of safety and operational improvements were incorporated into the spacecraft and Apollo 7 was launched 21 months later. During those 21 months, our crew placed a great deal of emphasis on keeping engineers, managers, and even congressmen, from "killing us with kindness." That is how we referred to the tendency to go overboard on changes in the name of safety. It is possible to add so many safety features, the vehicle becomes overweight, loses its operational flexibility and is no longer able to perform its originally intended mission. Most of this "overkill" was motivated by well-intentioned concern -- their way of avoiding a repeat of the Apollo 1 disaster. We eventually adopted that old rule: "If it ain't broke, don't fix it!"
Those of us on the first two flight crews knew that our own overconfidence played a role in the fire. We had many safety concerns about the Apollo 1 spacecraft but thought we could "fly the crates they shipped them in." Weren't we the best pilots in the world?
The cause of the Challenger accident in 1986 was quickly determined to be hot exhaust gas leakage through a solid rocket booster seal even though earlier missions had been successful in spite of similar exhaust gas leakage. Complacency and overconfidence led management to launch in weather so cold that hot gas "blow-by" was almost certain to occur; and Challenger blew up.
When it was determined that some of the Challenger crew may have been alive until impact with the water, two minutes and 45 seconds later, engineers came up with a bailout "scheme." It incorporates a fireman's pole out the hatch, launch and re-entry flight suits and requires the orbiter to be in "stable, controlled flight at an altitude of 30,000-40,000 feet." Shuttle pilots with whom I have spoken say it provides more the hope of a bailout than a real bailout capability. It did allow everyone - NASA engineers and management, Congress and even the public - to feel they had done something in the name of safety.
Now we are dealing with the most recent failure in the dangerous business of exploring space. Once more, there is a real risk of overkill as congressional committees, engineers and managers concluded they have a duty to take all human risk out of the operation.
The Shuttle Thermal Protective System is a complex and impressive solution to the re-entry heating problem. The tile component is extremely fragile; the reinforced carbon-carbon a bit more robust. Design requirements say the delicate heat-shield tiles should not be hit by anything, even raindrops. It was, obviously, never expected to launch through a hailstorm of external tank insulation, the most likely cause of the Columbia disaster. That possibility was avoided - or so NASA believed - by the selection of the foam insulation material and the adhesive for attachment. Foam insulation has come off the external tank on a majority of missions. After 20 years of successful re-entries with some tile damage, management became used to the risk. Since NASA did not consider some damage to the tiles on launch a safety issue, it was only a slight stretch to conclude that Columbia would be OK, as well.
Once again, overconfidence and complacency have encouraged bad judgment. Our weakness was not so much in our equipment as in our decision processes. But management's honest and incorrect conclusion that the falling insulation caused little damage did not lead to the loss of the crew. It was the long series of decisions by NASA management to continue launching orbiters through shedding insulation that led to loss of the Columbia and its crew.
Even if they had correctly concluded that the insulation had damaged the Orbiter's thermal protection system enough to compromise re-entry, there was absolutely nothing that could have been done to save the crew. All those knowledgeable about space flight and the space shuttle know that. When the shuttle program manager, Ron Dittemore, was honest enough to say so, the NASA Administrator, Sean O'Keefe, took exception at a congressional hearing, saying, "To suggest that we would have done nothing is positively fallacious. If there had been... a clear indication (of problems)... there would have been no end to the efforts...".
O'Keefe, who has otherwise handled the Columbia disaster very well, was displaying three deficiencies: lack of space experience; lack of systems knowledge; and lack of awareness that, in manned spaceflight, it's only results that count, not efforts.
During the 1990s, under continuous budget pressure, NASA delayed some scheduled safety improvements. This reduced the emphasis on safety and contributed to an attitude of doing the job in spite of budget deficiencies. So far, it does not appear to have played a direct role in the Columbia disaster.
Second-guessers have had a field day speculating on what NASA could have been done to save Columbia. Even if we had known STS-107 was in trouble, all the second-guessing schemes were virtually impossible, took dangerous shortcuts on procedures and training and violated operating norms and mission rules developed over decades of spaceflight. They would all have introduced more risk to an already hazardous undertaking.
Let me repeat: There was absolutely nothing that could have been done to get the STS-107 back!
There is no dearth of proposed hardware changes and/or operating restrictions to keep future orbiters from suffering the fate of Columbia. Most of the proposals for cockpit escape capsules, post-launch external inspections, and restricting orbiters to International Space Station-compatible orbits seem to lose sight of why the space shuttle was developed in the first place. It was to carry large, heavy payloads and crews into near-earth orbit on a routine basis. It was not to be 100 percent foolproof and absolutely safe. No country can afford such a luxury. President Kennedy did not say, "We will make spaceflight absolutely safe in this decade and when it is safe, we will go to the moon."
Astronauts have always understood there is only so much that can be done to reduce the inherent risk in every space mission. The thermal protection system has always been the weak underbelly of the orbiter -- its Achilles' heel. NASA should improve this critical system if possible but it might be easier to eliminate any possibility of damage from other parts of the launch system. I mean the foam insulation on the external tank.
Retrofitting cockpit escape capsules to the shuttle fleet would take years and cost billions. One scheme would reduce the useful operating time by spending hours or days performing extravehicular inspections of the underside of each orbiter following launch. Restricting shuttle missions to ISS-compatible orbits would exact a 30 percent payload penalty and greatly limit operational flexibility.
NASA would be better off concentrating on a fix for the external tank insulation problem and getting the orbiters back in the air to do what they do best -- fly.
Considering what it does, the space shuttle really has a good safety record. It is certainly the safest manned space vehicle the United States has ever developed. Its record of two failures in 113 missions translates into reliability greater than 98 percent -- and management decisions could probably have avoided both of the failures. Considering what the space shuttle has accomplished in the past 22 years opening up a new frontier, it has been a marvelously safe machine. How many died opening up the American West in the 19th century? How many aviation pioneers lost their lives in the 30 years before commercial aviation took off in the 1930s?
It's time we acknowledge that space is the most dangerous environment into which humans have ever ventured. There will always be risk associated with manned space flight. There are also gains to be made from the exploration of space. We should reduce the risk to the point where gain to be made exceeds the perceived risk and then get on with the job.
Cunningham was a member of the backup crew for Apollo 1, served on the accident investigation committee and flew Apollo 7, the first manned Apollo mission. His book, The All-American Boys, will be in the bookstores in June.
back to News
© 1999-2015 collectSPACE.com All rights reserved.
Questions? E-mail firstname.lastname@example.org