Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!seismo!lll-crg!rutgers!clyde!cuae2!ihnp4!uniq!rjnoe From: rjnoe@uniq.UUCP (Roger J. Noe) Newsgroups: sci.space.shuttle Subject: Re: Launching shuttles too soon Message-ID: <140@uniq.UUCP> Date: Thu, 20-Nov-86 16:00:45 EST Article-I.D.: uniq.140 Posted: Thu Nov 20 16:00:45 1986 Date-Received: Fri, 21-Nov-86 05:04:42 EST References: <7254@utzoo.UUCP> <346@xios.UUCP> <7275@utzoo.UUCP> <1010@husc2.UUCP> <359@cartan.Berkeley.EDU> Organization: Uniq Digital Technologies, Batavia, IL Lines: 228 In article <359@cartan.Berkeley.EDU>, desj@brahms (David desJardins) writes: > In article <139@uniq.UUCP> rjnoe@uniq.UUCP (Roger J. Noe) writes: > ... > >... [have we] made a reasonable effort to discover previously > >unknown problems and to implement corrections for known problems? > >Only [that] is (in my opinion) proper justification for saying that > >further delay is unwarranted. When the point is reached where we can > >honestly say [about critical problems] that we've made a reasonable > >attempt to rectify [these problems] and that further delay would > >be all out of proportion to the expected gains in safety and functionality, > >then and only then will it be time to reconsider launching again. > ... > Great. I can honestly say that further delay would be all out of > proportion to a risk that I estimate at 1%. Let's go. That's your opinion. As you can see, not everyone agrees with that opinion. [To avoid four levels of inclusions, the next few paragraphs are presented as a dialogue.] RJN: .... Only one who is foolhardy would choose to ignore a known problem such as with the SRBs right now and say, [the risk is acceptable] DdJ: This is where you are wrong. What is foolish is to refuse to fly until all known problems are fixed, regardless of the cost (in time and money). RJN: Just *who* is proposing that? Not me.... What is important is that we not be reckless, that we not take *unreasonable* risks. DdJ: You said (the quote is immediately above!) that it would be foolhardy to decide that a known problem constitutes an acceptable risk. The words are right there in black and white. If you can never decide that a known problem constitutes an acceptable risk then you can never launch. Period. Read it again, David. "... a known problem SUCH AS WITH THE SRBs RIGHT NOW" (emphasis added). Not just any known problem, but a problem that has already demonstrated its capacity to destroy STS and crew. A problem for which, the experts have said, virtually nothing can be done to prevent "moby lossage" even if it's detected in advance. The are a number of criticality-1R problems which show potential for this much destruction and which are unavoidable after they start. It makes good sense to take at least SOME steps to see that they never get started. > With regard to your restatement, what is your criterion for determining > whether a risk is reasonable or unreasonable? My criterion (and, I think, > the rational one) has already been presented -- the value of launching must > be weighed against the expected costs. We are in agreement that the value of launching must be weighed against the expected costs. But I don't think that expected-case analysis is sufficient; I think worst-case conditions need to be examined, too. In the end, it comes down to a value judgment, which is going to be different for every person. My standard is to leave it up to the experts, i.e. the NASA and contractor personnel directly involved with the mission. If they are all in agreement that the time is right, I'm comfortable with that. This, by the way, is apparently not what happened just before the 51-L launch and demonstrates the need for independent oversight. If and when I become immediately involved in a space mission, I would hope that I have some participation in the go/no-go decision. > If you were to accept this criterion, I find it hard to understand how > you could argue against shuttle launches. Make the pessimistic assumption > that the probability of SRB failure is 1% for each launch ... > .... That comes out to an expected cost of around > $25M, based on an orbiter replacement cost of $2G+, plus the cost of other > items like the SRB casings and crew training. The mean cost to NASA of > each shuttle flight (not depreciation, just operational costs) is something > like $200M, so the additional cost of accepting the SRB risk seems to be > fairly small. But the real kicker is that, of that $200M, much of it is > expenses that NASA incurs even if there are no shuttle launches! It's not all dollars, David. If the same accident happens again, you can be pretty sure that Congress (with the approval of most of the U.S. citizenship) and the President will take the STS away from NASA, if not dissolve or radically change the mission of NASA itself. Crewed space exploration would (or very well could) completely cease in the United States for a couple of generations, easily. Remember, most of the general public is still under the impression that space launches are basically safe, that AS-204 and STS-51L were just flukes. The truth is that it is very dangerous and only with the utmost care (and a little luck) can we prevent total disasters. If we can make plain just how dangerous this undertaking truly is, then the public could be a little more tolerant of accidents. Then isolated (i.e. non-systematic) incidents would have much less chance of causing the cancellation of entire programs. But if NASA says, "Uh, we did lose one orbiter and, coincidentally, its crew, but we're very confident that future missions will show more nominal performance" then the people are going to say they're fools and should be stopped. > So, if you accept the cost analysis criterion, it is impossible for me > to understand how you can oppose the resumption of shuttle flights. Clearly, I reject out of hand the cost analysis criterion. If STS was meant to be a for-profit venture, it would be in the hands of NASA, Inc. not NASA, a U.S. government administration. It never should have been expected, much less required, to live up to the profit making fantasy. Certainly not when Congress (and its constituency) was unwilling to invest the necessary venture capital to achieve the kind of operational efficiency they wanted. > Let's use some simple statistics. There were approximately two dozen > manned US space flights before the shuttle. Two of these resulted in what > I would call "mission failure," one in loss of vehicle and crew. Thus, > our a priori assumption would be that the chance of mission failure on manned > flights seems to be about 10%. > There are obviously many other factors to be considered. One of which you are forgetting: that we show the same care in making mission decisions that we used to. In any event, the number of space missions so far is so small as to be statistically insignificant, from an actuarial point of view. > >I disagree with your assessment that the first shuttle flights were > >riskier than is flying now .... > >The SRBs, in particular, were among the elements with what was perceived > >to be the lowest chance of failure. Taking this as true meant that the > >complete lack of a redundant system was acceptable. [...] The problem > >existed on STS-1, but it wasn't until 51-L that it was commonly known. > >And that makes all the difference. > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > This is precisely the point. It makes no difference at all. The risk > is the same regardless of whether you know about it! I insist this makes all the difference. You can't do anything about a problem until you're aware of it. Accidents because of ignorance, in spite of making a sound attempt to discover unknown risks, are understandable because they are unavoidable in any human endeavor. But to say "why do anything about a problem I just learned about if it was always there anyway?" is just self-deception. As it turns out, several people *did* know of the SRB problem beforehand and either didn't speak up or were silenced by others. This is inexcusable. Now that a major disaster has occurred, we have the opportunity to actually reduce the risk of shuttle flights, and not only in the area of SRBs. Up until the 25th shuttle mission, the risk was nearly the same as the first flight, not significantly less since the engineering changes were limited. Mostly what has changed is our confidence in various parts of STS, not the actual risks associated with flying it. > .... I'm sure that if you had told the shuttle designers > before the launch that we would have 24 perfect shuttle flights (i.e., no > mission failures) they would have been *extremely* pleased. What do you call a "mission failure?" Just look at the launch aborts - a redundant set (of computers) launch sequencer (RSLS) abort June 26, 1984 (41-D, Discovery), another one July 12, 1985 (51-F, Challenger) and then an abort-to-orbit (ATO) on the same mission when it launched 17 days later (remember, one SSME shut down and another one was about to had they not overridden what turned out to be faulty sensors), and a final RSLS abort on December 19, 1985 (61-C, Columbia), the last mission before 51-L. Not to mention malfunctions in fuel cells, on-board computers, auxiliary power units, remote manipulator system, etc. But that's four launch aborts in 24 missions. If you merely define "mission failure" to be loss of crew and vehicle, that's something different. But I think many on the design team would have been less than pleased to find out, before STS-1, that one orbiter and crew would be obliterated in the first 25 missions. > ... I don't know of any informed analyst who failed to predict that we would > lose at least one shuttle during the life of the shuttle program. So why, > when that loss finally occurs, do we pretend that the risk of flying the > shuttle has increased? In fact the risk has *decreased* substantially, > because we have now identified one of the major unknown failure modes of > the shuttle and can take steps to mitigate it. That "life of the shuttle program" was supposed to be like 100 flights for each of the orbiters. One vehicle in 400 launches is 16 times less than one vehicle in 25 launches. And it says nothing about losing a crew. We aren't pretending that the risk has increased; just that we are now aware of a risk of which we were formerly ignorant. The risk decreases only when we *do* take some steps to prevent future occurrences of the problem. We've just started on that. > Do you agree that the first > shuttle flight was much more hazardous than an immediate one would be now? No, just about the same. The difference is that we know of a bug we can start fixing, and that is what will make future shuttle missions less hazardous than the first. We also know of things we didn't before STS-1, things that won't cause problems. But that doesn't change either how risky STS-1 was or how risky an immediate flight would be. > This seems impossible to deny, given that we can now substantially reduce > the chance of SRB failure by avoiding certain launch conditions, and further > given the fact that there seems not to have been a single serious design > flaw on the shuttle itself, which is amazing given its great complexity I agree, it is amazing. Hats off to NASA, Rockwell International, and all the other contractors with the possible exception of Morton Thiokol. :-) But the final evidence is not yet in on what else might cause similar launch accidents. It seems prudent to take the time to analyze the situation and make what engineering and operational changes we can to make the occurrence less likely in the future. While we're at it, why don't we fix a lot of the other problems we've been warned about, rather than waiting until after a disaster has happened? > .... do you admit that your interest in > making the shuttle perfectly safe cannot be solely justified by an interest > in saving lives? This is the only point I was trying to make. I am not interested in making the shuttle "perfectly safe" because I do not pursue unattainable goals. In any event, I have pointed out that my goal is not just to save lives (although that is something I do pursue in various ways) but to save the crewed space exploration program. One way to accomplish this is to take steps to help prevent further loss of shuttle orbiters and crews. > .... It is certainly true that the American > people are too stupid to understand why lives should and must be risked, I would not call them stupid. Let's just say they don't share my goals. > and so for political reasons it may well be best to avoid risks that would > otherwise be acceptable. So if you believe that these political consider- > ations make it necessary to avoid risks that would otherwise be acceptable, > then I (and, I suspect, Henry as well) will admit that this might well be > correct -- while I may still disagree, I can at least understand this point > of view. > > -- David desJardins I'm happy to see that you have come to understand my point of view, in spite of your earlier doubts. I hope that others have found our exchange interesting and, possibly, enlightening. Considering what is at stake, this mutual understanding is very rewarding and all too rare over this medium. (There are a couple puns in that sentence for those daring to look.) Now if we can only get Congress to talk this much about space exploration ... Roger Noe ihnp4!uniq!rjnoe Uniq Digital Technologies (312) 879-1566 Batavia, Illinois 60510 41:51:10 N. 88:18:25 W. -- "While chaotic and inane ramblings abound, [USENET] is quite popular." Communications of the ACM, vol. 29, no. 10 (Oct. 1986), p. 958.