24 thoughts on “The NASA Safety Bureaucracy”

    1. Leland, while that would be true, if the rocket *were* truly inert, it never can be, once it is erected on the launch pad. It has range safety destruct charges attached early in the process. It has a structure that is lightweight enough that uncalculated movements of gantry apparatus (perhaps even of the equipment that brings crew to the capsule entrance) can break it into a deadly collapse. The simple fact is that NASA already lost 3 astronauts using exactly the rule they want to enforce, …in the Apollo 1 fire.

      It is private spaceflight that simply cannot be enough to satisfy any dependent of Senator Shelby, who is Chair of half the patrons for all of NASA. Private spaceflight contributes nothing to his political power, and threatens the patronage which so much of his power depends on. Move spaceflight safety to a new “Space Guard”, with the explicit recognition that we cannot make it as safe as a walk through the campus of Rice University.

      1. Range safety destruct charges make sense for expendable artillery. But at some point as the vehicle becomes more reliable they become a net hazard.

        On another point, are they seriously trying to force a practice that contributed to the Apollo 1 tragedy?

  1. I don’t get the impression that the issue on the bureaucracy’s mind is safety. The illogic of sending astros on a launch with an untried stage – as compared to their complaints about Sace-x safety – makes that abundantly clear.

    This is about rice bowls.

    1. Exactly. This: “With all these objections, it surely appears that GAO, ASAP, and NASA would prefer the U.S. remain stuck on the ground, unable to launch its own astronauts, if there was even the slightest chance that something might go wrong.” could probably be rewritten as “if NASA can’t use it’s own overpriced SLS”.

  2. This issue will eventually go away when SpaceX and others start sending up their own astronauts. That presupposes it makes economic sense for them to do so, for various in-space activities presumably made economic by greatly reduced launch costs.

    1. I wonder what the feasibility of SpaceX doing a few manned flights of its own is. They could do claim they’re testing the capsule for Blue Origin-style paid passenger flights.

          1. As in, better not piss off your *one* customer for crewed missions that can also make it very hard for you to do ones on your own….

    1. WOW! expending the stage for a high risk test of a more difficult landing procedure, and it apparently nails the landing so well that the stage is mostly intact even without the landing barge.

      1. Assuming they can get it back to port, they can recover components for additional destructive testing. Telemetry is great but engineers really love to take their test articles apart given the chance.

  3. It’s is a really good thing that Zimmerman got that published. There have been several recent drive by op-eds targeting normal people who don’t have the time or inclination to closely follow developments in the space industry with misinformation.

    We need more of this.

    An informed rational look at the commercial programs at NASA would also flow naturally into conservative views of small government, capitalism, and individualism. The only way to prevent conservative types from supporting these developments is to lie to them.

  4. The Zimmerman article is excellent.

    I’m not saying that NASA is colluding with the Russians, but they sure don’t seem to be in a hurry to eliminate our dependence on them.

  5. I am reminded of this re risk in space (from an episode of Startrek NG): Q: If you can’t take a little bloody nose, maybe you ought to go back home and crawl under your bed. It’s not safe out here. It’s wondrous, with treasures to satiate desires both subtle and gross, but it’s not for the timid.

  6. I’ve studied launch vehicle safety for several years. The established players (NASA, USAF, Ariane, ULA, Space-X, Soyuz, etc) have an average vehicle loss rate on the order of one per hundred flights. For a truly reusable system flying daily, that would be 3 losses per year, which is clearly unacceptable. I’ll use the Challenger incident as an example. First, the joint seal was a bad design. The proposed alternate face seal on the ASRM did not have that defect, but was never implemented. Second, when NASA saw seal erosion on multiple flights, instead of fixing the design fault, they chose to characterize it with lots of ground tests. That produced a set of technically acceptable environmental conditions within which the solid rocket boosters could safely fly. On the morning of the launch, those environmental criteria were outside safe limits. The Thiokol engineer at the launch site recommended they not fly, but NASA overruled the contractor. The result was vehicle loss.

    So there were 3 problems; the bad initial design, the effort to characterize the problem rather than fix it, and the management decision to override Engineering and to launch anyway.

    At the time, NASA had probably the biggest and most saluted cadre of safety organizations of any in the world, but that didn’t prevent the incident. More and more prestigious safety organizations will not achieve a factor of 100 lower vehicle loss rate.

    My conclusions were first to have adequate design reviews. Anybody can have a bad day, so extra eyes on all designs helps, plus it mentors the younger engineers. (BTW, NASA had letters from O-ring manufacturers saying the design was not a good one, but NASA ignored them too) Second, if there is a recognized problem, FIX IT instead of characterizing it. Third, cultivate a safety culture rather than a safety organization. This needs a healthy bottom-up flow of information where anyone, including the guy who sweeps the floor, can call attention to a nascent problem. The problem is that typical aerospace organizations follow a top-down management structure and people at the working level don’t get to flag potential problems. They may say they cultivate that, but it needs to be real and comfortable for the entire work force.

    But the biggest thing that would improve safety is low cost per flight. Yup, that’s what I said, low cost leads to safety. The only way to identify and fix potential problems is show real, not calculated reliability is with frequent flights, and the only way to have frequent flights is if you can afford to have them. Of course, a vehicle system architecture that has intact aborts even in the case of engine failure greatly helps that.


    1. The Thiokol engineer at the launch site recommended they not fly, but NASA overruled the contractor. The result was vehicle loss.

      For the record this isn’t exactly correct. Managers at NASA Marshall challenged the original recommendation against launch from Thiokol’s rep. at KSC Alan McDonald. That’s what led to the famous telecon call on the eve of the launch. Two Thiokol engineers in Utah, Roger Boisjoly and Arnie Thompson gave a presentation as to why Thiokol was recommending not to launch in temperatures below 53F. Originally Thiokol manager Joe Kilminster agreed. Marshall’s Larry Mulloy first queried NASA MSF deputy director George Hardy whether or not he would approve launch against Thiokol’s recommendation and Hardy replied he was “appalled” at the Thiokol recommendation, but that he would not approve launch against the contractor’s recommendation. Mulloy then proceeded to present his case as to why he believed the Thiokol recommendations were at best inconclusive. Among the rebuttal items he noted the fact that in previous launches less o-ring erosion had been seen in colder launches than had been seen in warmer ones, thus there was no clear relationship between temperature and erosion. Thiokol then went off-line on the telecon, and among four key managers including Kilminster (but not including Boisjoly and Thompson who never changed their position) decided to change Thiokol’s position from a no-go to a go recommendation. Once the signed recommendation was sent back to NASA, McDonald’s objection became moot. So you can’t say NASA overruled the contractor, bullied might be a better way to describe it. NASA was certainly aware of the original objection, the fact that they were biased into a launch positive rather than launch negative position when faced with uncertainty and a willingness to accept the canard that past behavior is a good predictor of future behavior in the absence of data; is a psychology now known as “go fever”.

      http://www.onlineethics.org/Resources/thiokolshuttle/shuttle_telecon.aspx


  7. Second, if there is a recognized problem, FIX IT instead of characterizing it.

    But the biggest thing that would improve safety is low cost per flight.

    Yes and yes.

Leave a Reply

Your email address will not be published. Required fields are marked *