Recently you may have heard about former astronaut Scott Parazynski’s adventure to climb Mt. Everest. He carried a sliver of a moon rock from Apollo 11 with him, and then picked up a sliver of a rock from the top of the highest mountain in the world. These two rocks were encased in plastic, handed over to NASA, and flew aboard the space shuttle to be installed in the new Tranquility module of the International Space Station. All very inspiring and good.
Now for the rest of the story.
All items to fly aboard the shuttle and/or reside on the station have to go through a safety review process. One of NASA’s early and painful lessons was the Apollo 1 fire. Fire in space could clearly be catastrophic, and the oxygen content of the atmosphere of both the shuttle and the station has some variability – and can be higher than normal earth atmospheric oxygen content. It turns out that the plastic which the two rocks were encased in has bad properties in a fire situation. To their credit, the new NASA safety organization attitude is no longer “No because” but “Yes if”. The memento could be flown and displayed on the ISS if it were encased in another transparent, fire safe material. If you see it today on the ISS, the rocks are doubly enclosed, once in “bad” plastic, and over that a layer of “good” polymer.
Now, is this bureaucratic overkill? Would you have fire safety disregarded? How would you handle this situation if you were in charge? Just take the risk? Or do the bureaucratic thing and apply another layer of safety? Careful with your answer. I’ve had to face crewmember’s families after their loved one perished. That experience makes you think very hard about these kinds of decisions.
http://nodis3.gsfc.nasa.gov/displayDir.cfm?t=NPR&c=8705&s=2B
Even if you read it thoroughly you willnot understand what is really being said unless you understand the context and the NASA culture in which it resides. Just reading the document without understanding the organization will lead you to wildly erroneous conclusions. Let me try to put this document in perspective and plain language.
The first conclusion is obviously this document was written for a government run program in the style of Shuttle or Station. The underlying assumption is that the NASA Program Manager makes the decisions within the framework of the NASA management structure. So to apply this document to commercial human spaceflight will take a re-writing. In fact, a committee is already working on a new version which would apply to vehicles on which NASA might buy seats.
So the Human Rating Requirements “NPR 8705.2B” is only a small selection of the standards and processes that go into human rating a spacecraft. As the document says early on “ . . . complex space hardware requires all missions to meet high standards . . . This NPR is to define and implement additional processes . . . necessary to human-rate space systems . . . this NPR is linked to, and depends upon, many of the requirements . . . contained in other NASA directives.”
Are you getting the picture?
When I was shuttle program manager, I asked how many standards were levied on the shuttle program. The answer was in excess of 40,000. How can that be, you might ask. Easily, I would reply. There are all kinds of standards: welding standards, parts standards, cleanliness standards, fracture control standards, vibration standards, EMI standards, wiring standards, mil standards and mil specs, software design and testing standards, and on and on and on.
For a short list of some of NASA technical standards – all of which are likely to be applied to commercial human spaceflight – visit this page: http://standards.nasa.gov/documents/nasa
But wait, that’s not all! Each of these documents requires the use of more reference standards. Let me give you an example of further standards referenced from a NASA parent standard; this from a recent presentation:
“NASA-STD-4003 September 8, 2003 Electrical Bonding for NASA Launch Vehicles, Spacecraft, Payloads, and Flight Equipment (25 pages)
+ Mil – C-5541, Rev E 11/30/1990 Military Specification, Chemical Conversion
Coatings on Aluminum and Aluminum Alloys
+ SAE-AMS-M-3171 4/01/1998 Magnesium Alloy, Processes for Pretreatment
and Prevention of Corrosion on
+ SAE-ARP-5412 11/1/1999 Aircraft Lightning Environment and Related Test
Waveforms”
That is a short standard with a short subsidiary list. Remember that if your electrical equipment is not well bonded (grounded), you are likely to have a serious problem. This is precisely an example of the care and expertise that goes into aerospace vehicles to make them successful – and safe. Norm Augustine’s book declares “the $5000 dollar electronic component will always fail so as to protect the 50 cent fuse” (Electronics boxes were cheaper in his day). Even better to remember is Michelangelo’s famous dictum: “Trifles make perfection, but perfection is no trifle.”
There are a variety of standards available in the world, and I was very un-amused one day to be drawn into a debate by two technical warrant holders over which welding standard was superior: the ANSI or the ASME. The ISS organization has cheerfully adopted European or Japanese standards for the components built overseas. But whether the spacecraft was built in the USA or overseas, at every step in the design, testing, and production of a space vehicle, there is some NASA organization or person who has been invested with the power to enforce those standards.
Armchair authorities like to discuss the “big ticket” items in the Human Ratings Requirements: redundancy requirements for fault tolerance, or minimum factor of safety for structures as examples. Real rocket builders know while those are important, the real key to safety and success is very much more affected by the quality of parts and myriad individual steps in workmanship of the end product. These are measured against thousands of individual checks against the appropriate standard. So you must realize the vast majority of standards and requirements do not show up in the NPR 8705.2B Human Ratings Requirements document, they must be searched out in a hundred subordinate documents.
A third observation can also be made very early in the document. NASA has “technical authorities” for safety, engineering, health/medical, and crew. Following the Columbia Accident Investigation Board recommendations, the agency was reorganized so that the technical authorities do not work for the program but maintain independence to ensure that NASA programs are executed safely. In fact, if a technical authority disagrees with the program manager, it is the program manager who must comply or appeal to a higher authority. This is designed to ensure that cost and schedule pressures do not lead to unsafe decisions.
Transparency in government: the NASA governance model can be read at: http://nodis3.gsfc.nasa.gov/npg_img/N_PD_1000_000A_/N_PD_1000_000A_.pdf
Here is an interesting and operative paragraph:
“3.4.2.1.4 Authority Roles Regarding Risk
Decisions related to technical and operational matters involving
safety and mission success risk require formal concurrence by the
cognizant Technical Authorities (Engineering, Safety and Mission
Assurance, and Health and Medical). This concurrence is based on
the technical merits of the case and includes agreement that the risk
is acceptable. For matters involving human safety risk, the actual
risk taker(s) (or official spokesperson[s] and his/her/their supervisory
chain) must formally consent to taking the risk; and the responsible
program, project, or operations manager must formally accept the
risk.”
What does that mean in plain language? Basically the builder must comply with what the independent technical expert requires.
I can remember one shuttle issue with the agency tribology expert (that’s lubrication to most folks). The technical expert would not budge a millimeter (0.254 inch) in requiring servicing of a part almost inaccessible deep in the bowels of the orbiter. The agency technical experts have absolutely no incentive to back off on their standards. They are independent of the program. They are not concerned with cost or schedule, only with compliance. Compliance brings about safety, why would we want them to do anything less?
How will that fit with a lean, entrepreneurial commercial organization with a profit/loss bottom line? Heck if I know.
So on about the fourth page of the Human Ratings Requirements document you can read that before work starts on a spacecraft design, a meeting is convened of the technical authorities to tell the program manager what standards and specifications the new vehicle will have to meet.
Don’t forget the legend that is stamped on the top of the front page: “Compliance is Mandatory”
That’s probably enough for an overview. We may visit the in-depth requirements on another day.
Remember that the requirements document for commercial services is being written and the NASA governance model can change at any time. So this discussion serves as a background of where we are today and where we have been, not necessarily where we are going to go in the future.
My takeaway?
The agency tried really hard to be as safe as possible and we still had the Apollo 1 fire, close calls on several lunar missions – the most famous of which was Apollo 13 – and we lost Challenger and Columbia. In spite of our best intentions and best efforts.
I’ll quote myself from my blog post Sine Non Qua on Sept. 11, 2009:
“Six years after the loss of Columbia, I’m not sure that we can make a spacecraft safe, but I have empirical evidence that proves beyond a shadow of a doubt that we can make it expensive.”
“How will that fit with a lean, entrepreneurial commercial organization with a profit/loss bottom line?”
Maybe the same way as the airline industry. Crashes hurt business. In any case, I hope it works out ’cause here we go!
Very informative as usual Wayne. Curious, do the Russians have to meet these standards before our Astronauts are allowed to fly with them? If not, how is it they can be exempt and a Space X, Jaxa or Easa Human rated spacecraft not be?
Mr. Waine.
I agree in gender, number and degree. Really no need for a ballast, a balance, a friction so you can move evenly. The astronautics is of course risky, and all patterns of improvement from the experience should never be underestimated. Very important that “those who think differently” in order to share visions of a new way, and it is important that identifies their shortcomings, proposes items and supervise its success. The bureaucracy is not bad if it is intelligent and brings a benefit. Not always the bureaucracy is costly and causes a delay. This happens when there is the product of an attempt to experience evolution. Unfortunately, that can be seen often in bureaucratic systems is the accommodation and development of severe and occurred only when it identifies that the bureaucratic system that does not meet expectations. It takes a harmful event for the bureaucracy to evolve. Unfortunately there will be a bureaucratic science researchers trying different ways, more simple and effective. Need social revolutions, accidents, tragedies, so there is a bureaucratic developments. The bureaucracy should evolve constantly, from the inside out and not in fits and starts, from the outside. It is utopian to believe being able to put away all the risks (we’ll keep beating the child toe in the corner of the portal, slipping in the bathroom, choking on the popcorn) but we can identify several possible dangers if not all of them to steer us. I personally am annoying when the issue is identification of errors: I live my penitence. I am the true self-disqualification. I keep measuring my actions, and to be fair to myself, I expose all my mistakes, crying, to find someone to help me to get rid of them. Luckily the rest is due, but I would have hit a stamp in the chest with the inscription “failed: dangerous and unsafe”.
Since we are headed to commercial human space flight, let’s think about how it can be done realistically. Since the United Launch Alliance (ULA) is already a know entity within NASA and the Orion capsule is more than an idea on the drawing board. Why don’t we finish the development of the Orion capsule and man rate the Atlas V and use these two items in concert and we could have man LEO in the next few years.
Looking back we went from ZERO to the moon in 10 years back in the ’60’s. Now in the 2000’s we have many years into the development of the Ares program and everyone is saying that it would take NASA another 10 years to have a launch vehicle ready to go to the moon and the lunar Lander won’t be ready. What am I missing here? It just doesn’t add up!
Mr. Hale,
Uh, is 1 mm really 0.254 inch? A quarter of an inch?
My back of the envelop suggests 1 mm is roughly 0.04 inch.
On Google, in response to the query “millimeter inch”, this popped up:
1 millimeter = 0.0393700787 inch
You observations about defining how much is safe enough are very apt. Perhaps the most adept risk evaluators are insurance companies. My impression is that the insurance companies use real-life operational experience effectively, and analogies less effectively, to establish insurance prices. Undoubtedly some commercial suborbital taxi operator will seek insurance in the near future. It strikes me that the total fare charged by the taxi will no doubt be driven largely by the cost of that insurance.
The Russians are essentially still on their first generation of spacecraft. As they launch 10 or so of their soyuz/progress rockets each year, they have to build that number and thus maintain their industrial base doing it.
The Soviet Union was fairly big on technical standards (demonstrates industrial capacity). But a key element was learning from mistakes under pressure of a space program in the service of national prestige.
Quality control, according to astronauts who have seen the Russian operation, is quite good. However, their capacity to build a totally new big-ish rocket must be questioned due to the capital requirement and the propensity of people to cheat the system in what is these days a developing economy.
Industrial capacity is about continuously building things in accordance with standards so the labour force is familiar with the details of relevant standards and the industrial process that accompany the standards.
New workforces in an industry have a huge learning curve. I hope the new players plug themselves into existing industrial capacity and not start from scratch.
The US will lose significant aerospace industrial capacity in ‘big rockets’ during the gap that will exist for 5 to 10 years while it develops new technologies to go further into space.
Fortunately, the US has a large civilian aerospace industry and a large military-industrial complex (which Eisenhower told us to be wary of) which are familiar with aerospace material and component standards.
Going into orbit means getting more out of materials and systems than is expected with aeroplanes. Thus much tighter standards are required.
Australia and New Zealand gets by on one standard for concrete pipes (I used to manage its updating among a suite of water industry standards), whereas the US has 4 or 5 national standards for concrete pipes and many state authorities have their own standards.
While civil engineering probably has the worst duplication of Standards in the US, its far from the only industry with a proliferation issue with Standards. Duplication is both a waste of resource and a source of innovation in meeting customer requirements.
The Europeans and the International Standards organisation are going overboard in seeking one standard for each type of product. It has its advantages and disadvantages. I think a certain amount of different standards for the same product used in different applications is good for competition and innovation.
NASA, as a customer, is entitled to chose the standards it wants compliance with.
On my other pet subject, it occurs to me a range of simplified jet engines, running on a variety of fossil and renewable fuels, could be used to power everything from model aircraft, to motor vehicles, to speed boats, to micro power stations when used in conjunction with an electrical generator for most applications. It could replace the reciprocating engine in most industries that can use ‘hybrid’ technologies. It could be a big export industry for the US if it did the development work.
“not budge a millimeter (0.254 inch)”
A mm is closer to 40 thousandth of an inch..
Consumer electronics are becoming like that as they get more complicated. Modern TV’s have thousands of standards to meet, ranging from the video compression to the copy protection. They cost millions to certify with the FCC & private industry’s own standards consortiums before they can legally use trademarks like HD. Instead of having a bunch of companies make their own TV’s, they all license the TV’s from 1 company. Millions of units have to be sold to keep TV’s from costing as much as a spaceship.
Wayne,
While I share many of your concerns on this “human rating” mess…and I understand your point at large…I find your comment regarding those tasked with enforcing this tech authority structure as only interested in compliance without regard for cost or schedule unfortunate.
I actually find it personally insulting, as someone who practiced both my subsystem management and Chief Engineer responsibilities extremely consious of my customers mission.
Don’t paint us all with the same brush, as I could make some painful, unproductive, sweeping project manager stereotypes.
– Julie
Hi Wayne,
I see others have already noted the error in conversion of mm to inches so my comment relates to why the FAA or some similar organization would not be responsible for establishing and enforcing safety (and other) standards on commercial spacecraft. I would imagine that some other US Agency, perhaps the FAA, is already working on such standards, and it would seem more their responsibility than NASA’s to establish and enforce such standards. They obviously have vast experience in the aircraft industry and I suspect that most of the core industrial standards to which you refer are common between commercial and military aircraft and NASA spacecraft. NASA, of course, has different or new standards unique to the specific operating environment(s) of its equipment. And NASA’s standards would certainly be available for the FAA to consider.
NASA, like any other entity, could establish internal criteria for flying its cargo and/or people on such a commercial vehicle and for allowing such a vehicle to dock with or connect to anything it owns, such as the ISS.
Why bother encasing the Moon rock in Plastic that burns.
Rocks dont burn, well not until everything else around them has completely melted, vapourised and boiled off.
The rocks should have been taken up to the ISS as is, applying Rock Standard 1.0
Sometimes the simplest solution is the best and most cost effective. The Astronauts and Cosmonauts would have also had the fun of touching the actual Moon rock rather than touching real plastic. We allow people on Earth to touch actual Moon rock but the Astronauts and Cosmonauts in Space are not allowed. I hope one day in the not too distant future we are returning Apollo lunar samples home, and I do not mean Earth.
Additional to my previous blog post.
1. Drill a hole through the middle of the rock and screw attach the rock to a wall near an air filter on the ISS.
2. That will eliminate any rock dust or particles from the rock affecting the ISS Crew.
3. Have a sign beside the rock saying look, touch and feel.
4. Have another sign saying, Return to Place of Origin ASAP.
I see that others noticed the error in the Millimeter vs Inch measurement. Didn’t a Martian mission crash because of an misunderstanding in regards to a metric vs imperial conversion? I hope that NASA, being an organization that fosters science and the scientific method is using the metric system for all measurements related to the space program. Old habits are hard to break but the metric system is so easy to use once learned and using it will improve our ability to work with our international partners since we are one of the few countries that is holding on to this outdated and poorly designed measurement system of feet, inches, miles, gallons, pounds, etc.
I enjoyed your post regarding human safety rating for spacecraft in attempting to explain the complexity of the system. On a different subject, while you were attending the suborbital conference in Boulder you Tweeted a comment about the ‘airmail myth’. I was wondering if you could expand on what you meant? I had hope to see something on your blog regarding the comment.
Gary Miles
Wayne:
Any comments on safety for a non-NASA situation such as Space Ship One???
I doub’t that they could afford to live up to NASA standards, but I am sure that they will try to make it as safe as possible, and will learn for flight experience.
Nelson
Excellent primer on the complexities of certification! As I’m sure you are aware, the aviation industry has similarly complex, multi-layered rules and guidelines for aircraft production and operation.
Working inside the aviation industry, I’ve grown to appreciate the interplay between regulators who are focussed on safety and compliance (two DRASTICALLY different things that I hope you’ll address one day!) and the company reps that are looking out for the business interests of the company. Many times the two sides agree; as another commenter said, “crashes hurt business.”
The FAA does not have a “one size fits all” policy for aviation certification. Separate rules for cargo flights, corporate jets, scheduled passenger flights, and homebuilt personal aircraft ensure that rules align with actual concerns.
At NASA the design, production, operation, and maintenance of the vehicle were all done under close supervision (and direction) inside a closed system. The crews were also selected, employed, trained, and approved by NASA. You’ve had control over everything from top to bottom and could mandate anything in the name of mission assurance. With a vary narrow mission profile, it was easy to work from a single (though vast) set of rules.
It may be that NASA continues to have a very narrow mission profile and strict standards on what is acceptable for NASA personnel. This does not mean that any commercial space company must follow these rules to put people in space. It may be that a company flies dozens (or hundreds!) of people into orbit without passing NASA’s rigorous review process.
While I’m sure most of the commercial companies would love to get some NASA funding for commercial crew launches, it is critical to note that NASA may not be the only customer. A company that can launch without paying to fulfill onerous requirements will likely look for a way to do so.
What will NASA do if companies are launching hundreds of missions safely (with incidents, but overall as safe as aviation) yet they do not meet NASA Human Spaceflight spec? Would you change your requirements or just sit out while everyone else goes to space?
Wayne,
A small nit, but 1 mm = 0.0.03937 inches not 0.254 inches. I know that metric system can be a problem for old engineers 😉
Bob