NASA delayed the launch of the space shuttle Atlantis, again. This time until Sunday at the earliest. Since the rocket scientists and engineers can't fix the problem, they are again considering changing the flight rules instead. Fortunately, NASA has gotten away with such dangerous tomfoolery in the past. It just strikes me that under the pressure of trying to get a shuttle launched is not the best time to reconsider safety rules.
The problem remains the faulty fuel gages, or perhaps faulty fuel gauge readings:
Engineers suspect the sensors are fine and that the problem is with an open circuit somewhere in the extensive wiring. Any repair would take days.. This is not a new problem. Discovery experienced similar problems in July 2005. Just like the failure to fix falling foam and ice, NASA's failure to solve the faulty fuel gages unnecessarily endangers the shuttle and crew. Once again I wonder whether NASA learned key lessons that had emerged from the Columbia disaster.How the sensors work
Each shuttle fuel tank is equipped with four engine-cutoff sensors, also known as "ECO sensors," that keep track of whether the tank is empty or full of liquid hydrogen. The sensors are part of a backup system that would kick in if the tank was leaking during the climb to orbit, for example, and safely shut down the engines. The engines could ignite or explode if they kept running without fuel.
NASA has been bedeviled by these fuel-tank sensors ever since 2005, when shuttle flights resumed following the Columbia disaster. Last year, the space agency eased its sensor rules for launch, and also conducted an investigation into why the sensors failed. NASA thought they had isolated a bad batch of sensors, but Hale said he was disappointed to see the problem crop up again.
Over the past couple of years, engineers have added more instrumentation that can tell flight controllers whether the sensors are working right. If enough sensors failed during liftoff and, possibly, a sizable leak was detected, Mission Control could instruct the astronauts to manually shut down the engines early. But the procedure has never been given a test run during an actual launch.
Even though the flight rules may go back to a four-for-four requirement for the sensors, Hale said that would not rule out a launch on Sunday. In previous cases, the problems with the sensors seemed to clear up once fuel was removed from the shuttle's tank and then replaced.
"Our experience has been that they magically work," Hale said
In a scathing "minority report," contained within the final report of the Return to Flight task group appointed to evaluate how the US space agency meets the recommendations by the Columbia Accident Investigation Board (CAIB), found so much emphasis was placed on trying to meet unrealistic launch dates that some safety improvements were skipped:
SummaryThe Final Report of the Return to Flight Task Group can be found, here. The "minority report" can be found at Annex A.2, pages 188- 216.It is difficult to be objective based on hindsight, but it appears to us that lessons that should have been learned have not been. Perhaps we expected or hoped for too much. The CAIB report should have served NASA as a “wake-up” call. As the CAIB noted (Vol. I, p. 208), “The recognition of human spaceflight as a developmental activity requires a shift in focus from operations and meeting schedules to a concern for the risks involved. Necessary measures include … Barring unwarranted departures from design standards, and adjusting standards only under the most rigorous, safety-driven process.”
We expected that NASA leadership would set high standards for post-Columbia work. We expected upfront standards of validation, verification and certification. We expected rigorous and integrated risk management processes. We expected involved and insightful leadership from NASA Headquarters. We were, overall, disappointed.[. . .]
Conclusion
Among the most damning observations CAIB made of NASA was the sense of complacency toward the problem of the External Tank shedding of foam. Despite program requirements that no debris should be shed, there were over 15,000 instances of damage to the Orbiter, most of which came from debris from the Space Shuttle elements. As has been widely reported, two flights before Columbia, a large piece of foam was shed and caused minor damage to one of the Solid Rocket Boosters. Photographic documentation was available of major foam shedding from the External Tanks on at least seven previous flights (CAIB Vol. I, p. 85). Despite all this evidence, foam had never destroyed an Orbiter and the program relied on this. “flight history” to justify inactivity before and during the flight of Columbia.
This “We’ve seen this before” mentality is still present, and it appeared on more than one occasion during MMT simulations. In addition, leading up to the return-to-flight, the program justified not pursuing potential ice damage to the Orbiter umbilical doors because there had not been substantial damage on previous flights. Despite the evidence of impacts all around the area, the official rationale for accepting the risk was listed as “flight history;” i.e., we’ve never had critical damage there before.
NASA’s leaders and managers must break this cycle of smugness substituting for knowledge. NASA must be able to quantify risk, even if imperfectly, set requirements and expectations, and hold organizations and individuals accountable, Analytical models – while valuable tools – cannot substitute for engineering judgment and conscience. Rigor must be reestablished throughout the Agency. Opinion, no matter how well informed, cannot replace objective evidence. Flight history, while critical for informed judgment, cannot substitute for it. “We’ve been lucky” is a statement that should never be associated with the human spaceflight programs.
Both the fuel gages and the foam problem should have been fixed long ago.
Comments