Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!columbia!rutgers!sri-spam!ames!ucbcad!ucbvax!cartan!brahms!desj
From: desj@brahms (David desJardins)
Newsgroups: sci.space.shuttle
Subject: Re: Launching shuttles too soon
Message-ID: <359@cartan.Berkeley.EDU>
Date: Tue, 18-Nov-86 23:02:13 EST
Article-I.D.: cartan.359
Posted: Tue Nov 18 23:02:13 1986
Date-Received: Wed, 19-Nov-86 05:44:48 EST
References: <7254@utzoo.UUCP> <346@xios.UUCP> <7275@utzoo.UUCP> <1010@husc2.UUCP> <260@cartan.Berkeley.EDU> <139@uniq.UUCP>
Sender: daemon@cartan.Berkeley.EDU
Reply-To: desj@brahms (David desJardins)
Organization: Math Dept. UC Berkeley
Lines: 231

In article <139@uniq.UUCP> rjnoe@uniq.UUCP (Roger J. Noe) writes:
>But is the perceived shortness of time due to unbridled eagerness to resume
>launches, or is it because we've made a reasonable effort to discover
>previously unknown problems and to implement corrections for known problems?
>Only the latter is (in my opinion) proper justification for saying that
>further delay is unwarranted. When the point is reached where we can
>honestly say (not just about the SRB joints, but about all the criticality-1
>problems) that we've made a reasonable attempt to rectify the problems we
>know about and that further delay would be all out of proportion to the
>expected gains in safety and functionality, then and only then will it be
>time to reconsider launching again. This is precisely what happened
>following the 204 fire and that's precisely what we should be doing now.

Great. I can honestly say that further delay would be all out of proportion to a risk that I estimate at 1%. Let's go.

>> >.... Only one who is foolhardy would
>> >choose to ignore a known problem such as with the SRBs right now and say,
>> >"Sounds like an acceptable risk to me."
>>
>> This is where you are wrong. What is foolish is to refuse to fly until
>> all known problems are fixed, regardless of the cost (in time and money).
>
>Just *who* is proposing that? Not me. Because to fix all known problems
>either requires infinite time and money or the attitude of an ostrich.
>I have neither. What is important is that we not be reckless, that we
>not take *unreasonable* risks.

You said (the quote is immediately above!) that it would be foolhardy to decide that a known problem constitutes an acceptable risk. The words are right there in black and white. If you can never decide that a known problem constitutes an acceptable risk then you can never launch. Period.

With regard to your restatement, what is your criterion for determining whether a risk is reasonable or unreasonable? My criterion (and, I think, the rational one) has already been presented -- the value of launching must be weighed against the expected costs.

If you were to accept this criterion, I find it hard to understand how you could argue against shuttle launches. Make the pessimistic assumption that the probability of SRB failure is 1% for each launch (it should be quite low, given that we know what conditions to avoid and can pay special attention to SRB assembly). That comes out to an expected cost of around $25M, based on an orbiter replacement cost of $2G+, plus the cost of other items like the SRB casings and crew training. The mean cost to NASA of each shuttle flight (not depreciation, just operational costs) is something like $200M, so the additional cost of accepting the SRB risk seems to be fairly small.

But the real kicker is that, of that $200M, much of it is expenses that NASA incurs even if there are no shuttle launches! Personnel costs, maintenance of facilities and equipment, and so forth, cannot be substantially reduced. And there is a hidden cost even in those expenses that can be reduced -- the cost of losing trained personnel. Suppose that NASA can reduce its costs by 75%, to only $50M per launch canceled -- a very optimistic estimate.
Then, I claim, the additional cost of launching a shuttle immediately, *even including the cost of assuming the SRB risk*, is only $150M + $25M, or LESS than we have been willing to pay for previous shuttle launches, and less than we will pay once launches are resumed. Not to mention other benefits, such as improved morale and avoiding the cost of rescheduling or canceling shuttle payloads, which can hardly be estimated.

So, if you accept the cost analysis criterion, it is impossible for me to understand how you can oppose the resumption of shuttle flights.

>How can you say you're certain of the estimated probability of failure without
>consulting experts? Are you an aerospace risk assessment engineer? And how
>are you defining "mission failure" probability? If you refer to the chance of
>losing both orbiter and crew, you'd better check the figures. I've worked in
>aerospace, especially engineering on some very new designs, and I find it very
>hard to believe that any responsible organization would insist on testing an
>untried design if they calculated the probability of losing both pilot and
>aircraft at one in five. That's reckless. If you can't reduce the chance
>well below that, there's just no point in trying it, unless you were the one
>who invested *all* the time, money, and talent in the project and it's only
>your life at risk and therefore no one else at all has anything to lose if
>you choose to be reckless. (I am also ignoring here possibilities of risk
>to innocent bystanders and the public at large, which would of course enter
>into consideration in a real situation.)

Let's use some simple statistics. There were approximately two dozen manned US space flights before the shuttle. Two of these resulted in what I would call "mission failure," one in loss of vehicle and crew. Thus, our a priori assumption would be that the chance of mission failure on manned flights seems to be about 10%.

There are obviously many other factors to be considered.
On the positive side: much greater knowledge about rocket propulsion and space flight in general and technological improvements since the 1960s and early 70s. On the negative side: at the time of the first launch the shuttle was the most complicated and least tested of US manned space vehicles; in particular, neither the SSMEs nor the SRBs had been tested in flight, nor had the thermal protection been tested on atmospheric reentry, nor had there ever been a flying reentry from orbit (although there had been some testing of the shuttle's landing capability, and of course extensive simulation).

In my opinion, the technological advancement about makes up for the greatly increased complexity of the shuttle, and so the relative lack of testing would put the first shuttle launch at greater risk than previous space flights. A more optimistic assessment perhaps would estimate the risks as equal.

No doubt you could produce some calculations which would have a much smaller result. But, as you yourself say later in your article, it is impossible to estimate unknown risks accurately. For example, the estimate of the risk of catastrophic SRB burnthrough was obviously much too low (although flying it outside its rated temperature range certainly didn't help!).

I am not saying that risk assessment has no value; quite the contrary. It has great value for estimating relative risks and setting priorities. But to pretend that the numbers produced by risk-assessment engineers are accurate predictions of the probability of failure is just fantasy.

I wish I had access to the data, say of risk assessments for all US space flights, so that I could perform a statistical analysis of the relationship between predicted and observed risks. I am very confident that the results, when applied to shuttle risk assessment figures, would justify my estimates of the probability of failure of the initial shuttle mission.
>I disagree with your assessment that the first shuttle flights were
>riskier than is flying now with the problems the STS is known to have.
>The SRBs, in particular, were among the elements with what was perceived
>to be the lowest chance of failure. Taking this as true meant that the
>complete lack of a redundant system was acceptable. [...] The problem
>existed on STS-1, but it wasn't until 51-L that it was commonly known.
>And that makes all the difference.
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This is precisely the point. It makes no difference at all. The risk is the same regardless of whether you know about it! The *only* difference is that until a shuttle actually blows up you can hide your head in the sand and pretend that it is perfectly safe. And then after the accident you can pretend that it is completely unsafe. But the *fact* of the matter is that the danger was always exactly the same.

It appears to have turned out that the risk of initial shuttle flights was less than we might have expected -- certainly less than I expected -- it seems to have been on the order of 5%. But we must realize that we have been very lucky! I'm sure that if you had told the shuttle designers before the launch that we would have 24 perfect shuttle flights (i.e., no mission failures) they would have been *extremely* pleased.

For that matter, I don't know of any informed analyst who failed to predict that we would lose at least one shuttle during the life of the shuttle program. So why, when that loss finally occurs, do we pretend that the risk of flying the shuttle has increased? In fact the risk has *decreased* substantially, because we have now identified one of the major unknown failure modes of the shuttle and can take steps to mitigate it.

>Partially true. But it's premature to say we thoroughly understand what
>happened to 51-L, why it happened, what similar malfunctions could occur in
>future flights and how to lessen the chance that they will happen.
>It was only a few weeks ago, I think, that Morton Thiokol duplicated the joint
>rupture for the first time since the accident. You seem to agree that the
>shuttle should not fly (at least) until this problem is understood and fixed,
>to whatever extent is feasible. The difference of opinion is over whether
>or not the problem has yet been understood, fixed, and what the limits of
>feasibility are.

>> *I* wouldn't want to fly with someone so irrational as to demand that
>> certain risks be reduced while other, larger risks remain. Nor with someone
>> so irrational as to be willing to fly with a 10% unknown risk but not with
>> a 1% known risk.
>
>Where do you get these ideas, David? I'm in favor of reducing *all* major
>risks, when practical and clearly beneficial to do so. And how can you
>measure the amount of unknown risk? Rational behavior dictates doing what
>is practical to reduce known risks. You can't do much about unknown ones.

Here is the quote I referred to above, where you admit that risk assessment cannot do much to measure unknown risks.

In any case, your reply is not responsive. Do you agree that the first shuttle flight was much more hazardous than an immediate one would be now? This seems impossible to deny, given that we can now substantially reduce the chance of SRB failure by avoiding certain launch conditions, and further given the fact that there seems not to have been a single serious design flaw on the shuttle itself, which is amazing given its great complexity (i.e., it would not have been all that surprising to lose one of the first few shuttle flights to, say, a structural weakness, while it would be very surprising now).

>> I can't understand how you can worry so much about a few lives while
>> millions die every year whom you could have saved by giving them some
>> food. Or while thousands are killed with weapons paid for by your tax
>> dollars.
>> Or while thousands of accident victims could be saved by an
>> investment in trauma centers. If your desire is to save lives, it makes
>> a lot more sense to invest your dollars and time in those things than to
>> worry about making the shuttle safe.
>
>This reeks of the same thinking that some people have used over the last
>two decades in protest of spending money on space exploration. "Why spend
>billions on going to space when there are people starving in Berkeley,
>California?" The argument is specious and has been presented and refuted
>too many times already. I think we've got better things to do with
>sci.space.shuttle.

Then why the hell do you bring it up? I didn't make this argument; I didn't even say anything that resembles it. *You* brought it up in order to discredit what I was saying by associating it with this nonsensical argument, while not having to respond to what I said.

Again, I will ask you specific questions. Do you deny that, if you desire to save lives, you could save more lives by spending $100M on trauma centers, or cancer research, or aid to Ethiopia, than you could by spending that $100M on making the shuttle safer? The truth of this seems to be self-evident, since you could save at most seven lives on the shuttle, while any of the alternatives would save a hundred or more lives.

And then, if you accept the above, do you admit that your interest in making the shuttle perfectly safe cannot be solely justified by an interest in saving lives? This is the only point I was trying to make. You may accept it, but the person to whom I was replying with the above lines did not, and that is why I wrote them.

>>It seems instead that your interest is in saving a few *particular* lives.
>
>Yes! Have you figured out *why* I am so concerned with these few particular
>lives? Because when we lose them we stand a chance of losing our space
>program.
>As valuable as I consider individual human lives to be, I think
>the continued exploration of space is more important. If we proceed too
>quickly, if we aren't careful enough, if we WASTE human lives in an accident
>that should have been avoided, then the citizens of this country just may
>decide that people don't belong in space and that decision would be more of
>a tragedy than the death of seven remarkable people.

Aha! This I can agree with. It is certainly true that the American people are too stupid to understand why lives should and must be risked, and so for political reasons it may well be best to avoid risks that would otherwise be acceptable. So if you believe that these political considerations make it necessary to avoid risks that would otherwise be acceptable, then I (and, I suspect, Henry as well) will admit that this might well be correct -- while I may still disagree, I can at least understand this point of view.

-- David desJardins