Human Rating A Spacecraft

Recently you may have heard about former astronaut Scott Parazynski’s adventure to climb Mt. Everest.  He carried a sliver of a moon rock from Apollo 11 with him, and then picked up a sliver of a rock from the top of the highest mountain in the world.  These two rocks were encased in plastic, handed over to NASA, and flew aboard the space shuttle to be installed in the new Tranquility module of the International Space Station.  All very inspiring and good. 

 

Now for the rest of the story. 

 

All items to fly aboard the shuttle and/or reside on the station have to go through a safety review process.  One of NASA’s early and painful lessons was the Apollo 1 fire.  Fire in space could clearly be catastrophic, and the oxygen content of the atmosphere of both the shuttle and the station has some variability – and can be higher than normal earth atmospheric oxygen content.  It turns out that the plastic which the two rocks were encased in has bad properties in a fire situation.  To their credit, the new NASA safety organization attitude is no longer “No because” but “Yes if”.  The memento could be flown and displayed on the ISS if it were encased in another transparent, fire safe material.  If you see it today on the ISS, the rocks are doubly enclosed, once in “bad” plastic, and over that a layer of “good” polymer. 

 

Now, is this bureaucratic overkill?  Would you have fire safety disregarded?  How would you handle this situation if you were in charge?  Just take the risk?  Or do the bureaucratic thing and apply another layer of safety?  Careful with your answer.  I’ve had to face crewmember’s families after their loved one perished.  That experience makes you think very hard about these kinds of decisions.

 

There is a debate going on about human rating spacecraft – making them safe enough for people to fly on.  It is really a debate about safety and how much NASA will be involved in ensuring that commercial providers of space transportation services are safe.  There has been a lot said about human rating space vehicles lately, much of it confusing.  Read NASA’s requirements document for yourself at this location:

http://nodis3.gsfc.nasa.gov/displayDir.cfm?t=NPR&c=8705&s=2B

 

Even if you read it thoroughly you willnot understand what is really being said unless you understand the context and the NASA culture in which it resides.  Just reading the document without understanding the organization will lead you to wildly erroneous conclusions.  Let me try to put this document in perspective and plain language.

 

The first conclusion is obviously this document was written for a government run program in the style of Shuttle or Station.  The underlying assumption is that the NASA Program Manager makes the decisions within the framework of the NASA management structure.  So to apply this document to commercial human spaceflight will take a re-writing.  In fact, a committee is already working on a new version which would apply to vehicles on which NASA might buy seats. 

 

The second conclusion is illustrated by the drawing on page 2. 

 

Standards Figure 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

So the Human Rating Requirements “NPR 8705.2B” is only a small selection of the standards and processes that go into human rating a spacecraft.    As the document says early on “  . . . complex space hardware requires all missions to meet high standards . . . This NPR is to define and implement additional processes . . . necessary to human-rate space systems . . .  this NPR is linked to, and depends upon, many of the requirements . . .  contained in other NASA directives.” 

 

Are you getting the picture?

 

When I was shuttle program manager, I asked how many standards were levied on the shuttle program.  The answer was in excess of 40,000.  How can that be, you might ask.  Easily, I would reply.  There are all kinds of standards:  welding standards, parts standards, cleanliness standards, fracture control standards, vibration standards, EMI standards, wiring standards, mil standards and mil specs, software design and testing standards, and on and on and on.    

 

For a short list of some of NASA technical standards – all of which are likely to be applied to commercial human spaceflight – visit this page:  http://standards.nasa.gov/documents/nasa

 

But wait, that’s not all!  Each of these documents requires the use of more reference standards.  Let me give you an example of further standards referenced from a NASA parent standard; this from a recent presentation:

 

“NASA-STD-4003 September 8, 2003  Electrical Bonding for NASA Launch Vehicles, Spacecraft, Payloads, and Flight Equipment (25 pages)

            + Mil – C-5541, Rev E 11/30/1990 Military Specification, Chemical Conversion

                        Coatings on Aluminum and Aluminum Alloys

            + SAE-AMS-M-3171 4/01/1998  Magnesium Alloy, Processes for Pretreatment

                        and Prevention of Corrosion on

            +  SAE-ARP-5412 11/1/1999 Aircraft Lightning Environment and Related Test

                        Waveforms”

 

That is a short standard with a short subsidiary list.  Remember that if your electrical equipment is not well bonded (grounded), you are likely to have a serious problem.  This is precisely an example of the care and expertise that goes into aerospace vehicles to make them successful – and safe.  Norm Augustine’s book declares “the $5000 dollar electronic component will always fail so as to protect the 50 cent fuse” (Electronics boxes were cheaper in his day).  Even better to remember is Michelangelo’s famous dictum:  “Trifles make perfection, but perfection is no trifle.” 

 

There are a variety of standards available in the world, and I was very un-amused one day to be drawn into a debate by two technical warrant holders over which welding standard was superior:  the ANSI or the ASME.  The ISS organization has cheerfully adopted European or Japanese standards for the components built overseas.  But whether the spacecraft was built in the USA or overseas, at every step in the design, testing, and production of a space vehicle, there is some NASA organization or person who has been invested with the power to enforce those standards. 

 

Armchair authorities like to discuss the “big ticket” items in the Human Ratings Requirements:  redundancy requirements for fault tolerance, or minimum factor of safety for structures as examples.  Real rocket builders know while those are important, the real key to safety and success is very much more affected by the quality of parts and myriad individual steps in workmanship of the end product.  These are measured against thousands of individual checks against the appropriate standard.  So you must realize the vast majority of standards and requirements do not show up in the NPR 8705.2B Human Ratings Requirements document, they must be searched out in a hundred subordinate documents.

 

A third observation can also be made very early in the document.  NASA has “technical authorities” for safety, engineering, health/medical, and crew.  Following the Columbia Accident Investigation Board recommendations, the agency was reorganized so that the technical authorities do not work for the program but maintain independence to ensure that NASA programs are executed safely.  In fact, if a technical authority disagrees with the program manager, it is the program manager who must comply or appeal to a higher authority.  This is designed to ensure that cost and schedule pressures do not lead to unsafe decisions. 

 

Transparency in government:  the NASA governance model can be read at:   http://nodis3.gsfc.nasa.gov/npg_img/N_PD_1000_000A_/N_PD_1000_000A_.pdf

 

Here is an interesting and operative paragraph:

 

“3.4.2.1.4 Authority Roles Regarding Risk

Decisions related to technical and operational matters involving

safety and mission success risk require formal concurrence by the

cognizant Technical Authorities (Engineering, Safety and Mission

Assurance, and Health and Medical). This concurrence is based on

the technical merits of the case and includes agreement that the risk

is acceptable. For matters involving human safety risk, the actual

risk taker(s) (or official spokesperson[s] and his/her/their supervisory

chain) must formally consent to taking the risk; and the responsible

program, project, or operations manager must formally accept the

risk.”

 

What does that mean in plain language?  Basically the builder must comply with what the independent technical expert requires. 

 

I can remember one shuttle issue with the agency tribology expert (that’s lubrication to most folks).  The technical expert would not budge a millimeter (0.254 inch) in requiring servicing of a part almost inaccessible deep in the bowels of the orbiter.  The agency technical experts have absolutely no incentive to back off on their standards.  They are independent of the program.  They are not concerned with cost or schedule, only with compliance.  Compliance brings about safety, why would we want them to do anything less?

 

How will that fit with a lean, entrepreneurial commercial organization with a profit/loss bottom line?  Heck if I know.

 

So on about the fourth page of the Human Ratings Requirements document you can read that before work starts on a spacecraft design, a meeting is convened of the technical authorities to tell the program manager what standards and specifications the new vehicle will have to meet.

 

Don’t forget the legend that is stamped on the top of the front page:  “Compliance is Mandatory”

 

That’s probably enough for an overview.  We may visit the in-depth requirements on another day. 

 

Remember that the requirements document for commercial services is being written and the NASA governance model can change at any time.  So this discussion serves as a background of where we are today and where we have been, not necessarily where we are going to go in the future. 

 

My takeaway? 

 

The agency tried really hard to be as safe as possible and we still had the Apollo 1 fire, close calls on several lunar missions – the most famous of which was Apollo 13 – and we lost Challenger and Columbia.  In spite of our best intentions and best efforts. 

 

I’ll quote myself from my blog post Sine Non Qua on Sept. 11, 2009:

 

“Six years after the loss of Columbia, I’m not sure that we can make a spacecraft safe, but I have empirical evidence that proves beyond a shadow of a doubt that we can make it expensive.”

Suborbital Spaceflight

Short note today; I am at the Suborbital Research conference in snowy Boulder, CO. 

I am surrounded by dreamers who want to fly in space:  everybody from Lori Garver and Alan Stern on down to the grad students who is here wants to fly in space.  They desperately want to fly in space. 

I had the good fortune to be accompanied by a co-worker who was just turned down in her application to NASA”s astronaut office.  It is a hard hard thing to pass through the bar into that small fellowship. 

These dreamers want everybody to be able to fly in space.

There might even be real science that can be accomplished in 3 to 5 minutes of microgravity.

But the thought of opening up the space frontier to the common person is the real motivation here.

Its a good motivation; and some of these companies are making progress toward that goal.

We wish them luck; offer technical advice and assistance, and (if Congress approves) will have $15 million a year to encourage them.

This, then, appears to be the new world order.  Ad astra per dreamers.  (somebody help me with the latin!)

But then, all great accomplishments were once dreams.

Predictions and Wishes

At a recent speaking engagement, I was introduced as an “expert”.  Scary title, that.  At another place I was introduced as “highly experienced”  which is a polite way of saying “old”. 

 

These put me in mind of Clarke’s Law.  Sir Arthur C. Clarke, the inventor of the geostationary satellite, author of innumerable books both non-fiction and science-fiction, and one of the truly forward thinkers of the 20th century.  Clarke’s first law has to do with predictions and experts.  He came to an interesting conclusion after studying the predictions of experts over the previous centuries.  To get you in the right frame of mind, consider some of these real predictions by well respected experts of the past:

 

Rail travel at high speeds is not possible because the passengers, unable to breathe, would die of asphyxia – Dr. D. Lardner, 1835

 

I can accept the theory of relativity as little as I can accept the existence of atoms and other such dogmas – Ernst Mach 1912

 

Our future discoveries must be looked for in the sixth decimal place – Nobel Prize laureate A. A. Michelson, 1894

 

Aerial flight is one of that class of problems with which man will never be able to cope – Simon Newcomb, 1903

 

The [atomic] bomb will never go off, and I speak as an expert in explosives – Adm. William Leahy to President Truman, 1945

 

The popular mind often pictures gigantic flying machines speeding across the Atlantic carrying innumerable passengers in a way analogous to our modern steam ships.  It seems safe to say that such ideas are wholly visionary and even if the machine could get across with one or two passengers, the expense would be prohibitive to any but the capitalist who could use his own yacht. – William H. Pickering, 1910

And so on.  You get the point, and there are plenty of other predictions we can laugh at today. 

 

So Clarke postulated his first law: 

 

“When a distinguished but elderly scientist states that something is possible, he is almost certainly right.  When he states that something is impossible, he is very probably wrong.”

 

 

Everybody is making up Christmas lists or maybe New Year’s Resolutions and wishes for what might happen in 2010 or later.  I think I will avoid such lists. 

 

In hopes of proving Sir Arthur Clarke correct, and based on my status as an aging “expert”, I would like to make some predictions (tongue firmly planted in cheek – hoping that reverse psychology will make the predictions fail):

 

1.  Human spaceflight was a passing fancy and its disappearance will hardly be noted by historians nor missed by the general public.

 

2.  Human beings will never again set foot on the moon nor travel to Mars or any other celestial body.

 

3.  The study of engineering and technology will become a thing of the past as the world’s standard of living returns to that of the 18th century.

 

4.  The popular entertainments of the day will so capture the imagination of the public that they are rendered incapable of any real productivity and spend their time in the pursuit of gossip about actors and sports figures.

 

5.  Constant exposure to digital toys will decrease the human attention space to milliseconds preventing any useful thought or accomplishment.

 

6.  Without any unifying goals, the world becomes increasingly balkanized into clan-like groups who turn to violence over ancient insults, real or imagined.

 

OH NO.  What an awful set of predictions.   The Grinch or Ebenezer Scrooge could not have done better.  But there they are, and I want credit for having made them.  If they come true, then I should be remembered for having predicted them.  If they don’t come true, I’ll be just as happy to join the company of William Pickering and A. A. Michelson!

 

Now for what I really wish for at this season  (not a prediction, lest I jinx it!):

 

A commitment from all the space faring nations of the world to join together – with adequate resources – to explore in detail the entire solar system in our lifetime; including the first permanent human habitations (colonies) on the Moon and Mars and outposts at other strategic points in the solar system; a well established and effective transportation system to link this community together; and a strong technology development program to enable it all.  Such an international effort would unite the peoples of the earth in cooperation to achieve a historic and noble goal and would result in innumerable benefits from technology and medical advancements, stronger economies and new industries, and serve to inspire our children to study the hard subjects and to follow their parents in achieving great things.

 

This may be too much to wish for; some may call it unrealistic, but human progress has only been truly made by unrealistic people.  Now my wish is that we buckle down and do it!

 

My very best wishes for each of you to have a Merry Christmas and Happy New Year!

Sine Qua Non

I have been pondering the Augustine report (at least the executive summary) which has been released.  There are a couple of sentences up front that have been on my mind:

 

“Human safety can never be absolutely assured, but throughout this report, it is treated as a sine qua non.  It is not discussed in extensive detail because any concepts falling short in human safety have simply been eliminated from consideration.”  As panel members commented (more than once) during the public sessions, ‘we assume NASA will build safe systems’.

 

I’m not a Latin scholar so I had to look it up.  Sine qua non means the something or someone indispensible.    So safety is indispensible.  I’d agree with that.  As a matter of fact, I have spent my entire career based on making spaceflight as safe as possible while still actually flying. 

 

Actually, the assumption that NASA will build safe systems is poorly demonstrated by our history.  Our failures are painful to enumerate.  Early after the Columbia accident, we engaged Dr. Charles Perrow of Yale University to talk to us about his book (and theory) titled “Normal Accidents”.  In summary, Dr. Perrow believes that accidents are unavoidable in complex systems.  Very depressing to read.  Nothing you can do will ultimately prevent a fatal flaw from surfacing and causing catastrophe.  Life is hard and then you die.  Not very motivational, but perhaps true.  So all of us who listened to Dr. Perrow determined to prove him wrong.

 

In any event, safety in space flight is a relative term.  A launch vehicle with a 98% success record is considered very safe, but you would never put your children on a school bus that only had a 98% chance of getting them safely to school.  It is a high risk, low safety margin endeavor.  Probabilistic Risk Analysis has made great strides in recent years but the only statistic I put any faith in is the demonstrated one.  The shuttle has failed 2 times in 125 flights.  That is not good enough.

 

Six years after the loss of Columbia, I’m not sure that we can make a spacecraft safe, but I have empirical evidence that proves beyond a shadow of a doubt that we can make it expensive.  The cynical part of me says that is what we do at NASA: demand extraordinary proof that things are safe.  ‘Proof’ means a series of tests -a large enough number of tests to be ‘statistically significant’- and/or very complex analysis which examines every facet of each part of a system in detail to demonstrate that in the worst possible set of circumstances the system will perform as required.  Trouble is, there is no end to imaginative tests, and there is always something else to throw into the analysis.  And it all must be extensively peer reviewed, debated at length, documented to the nth degree, briefed to multiple layers of management, and signed off by virtually everybody in

the organization.

 

This is a very expensive process.

 

History indicates that attention to safety doesn’t seem to last.  Sooner or later the people charged with making a system safe retire or die off, the bean counters get their knives out and the organization gets trimmed in the name of efficiency and cost savings, and somewhere along the way an invisible line is crossed.   And Dr. Perrow is proved right again. 

 

Not to be too depressed, but these report’s two sentences on safety are counterbalanced by many more sentences describing how space systems must be made cheaper and should accomplish its goals sooner.  ‘Faster, better, cheaper’ was the rallying cry of management over a decade ago.  The wags soon added ‘pick any two’.  My experience has been that a project manager is lucky to get two, and many projects end with having failed on all three counts.

 

I found another Latin phrase which may apply here, from Horace:  Splendide mendax.  It means ‘splendidly untrue’.  Safety at low cost, that is. 

 

So as we look to the future, it is going to take a great deal of careful management to ensure that commercially provided crew transportation systems are adequately safe and yet not drive the cost (and schedule) through the roof.  This balance is not easy to accomplish.  Careful and thoughtful management attention will be required.  No doubt you will hear some debate about this topic in days to come.

 

Which brings me back to sine qua non.  About a year after the loss of Columbia, NASA had a conference on risk and exploration.  A number of folks who do dangerous exploratory work talked with the NASA leadership about these issues.  Probably the most memorable thought of the whole conference came from James Cameron.  After almost two days of people repeating the phrase “safety first, safety is the most important thing”, Mr. Cameron made this observation:  “While safety is very important and must be considered at all times, in exploration safety is not actually the most important thing.  In exploration, the most important thing is to go.”

 

If I were writing the report, it would echo those words.  Actual exploration is not safe.  Actual exploration does not take place on powerpoint slides.  Actual exploration takes courage.  Actual exploration take action.  Actual exploration requires going.

 

Actually going is  sine non qua.

Philosopher Corps

 

Following the Apollo 11 40th anniversary celebrations, a close friend of mine who does not work in aerospace asked me for the top 5 space books he should read.  Topping my list is Tom Wolfe’s “The Right Stuff”.  That is the quintessential book about the early days of American’s manned space flight; a must-read for anybody interested in the topic.

 

However, there are a few things that Mr. Wolfe did not quite capture, a small criticism from somebody who has never attempted to write a book.  So it was of some interest that I read Mr. Wolfe’s New York Times opinion piece on the Apollo moon landing.  You can find it here:

 

http://www.nytimes.com/2009/07/19/opinion/19wolfe.html?pagewanted=all

 

Since one of the main purposes of this blog is to provide some public framework that explains why human space flight is important, I suppose I could be distressed by Mr. Wolfe’s conclusion that there are no philosophers who have articulated a vision and rationale for these goals.  What am I?  Well, not a philosophy major certainly; six hours as an undergraduate does not qualify me in that field.  Most of the modern day philosophers I have read are dense, hard to understand, and certainly no engaging in a common public sort of arena.   I wonder if Aristotle or Immanuel Kant had written on space flight would that make a difference in today’s open ended debate?  And what if NASA had proposed hiring a Corps of Philosophers in 1970?  Would the Office of Personnel Management approved it?  Hmmm.

 

Besides, I believe that there are plenty of philosophers (by practice if not by degree) that have provided publicly engaging rationale for space flight:  think of Carl Sagan, Gerard K. O’Neill, Gene Shoemaker, Neil DeGrasse Tyson just to name a few. 

 

Besides, you don’t have to see too many clips of people interviewed on the street who don’t know who our first president was or what is in the constitution to figure out that some folks are probably just never going to get it.  Not that we shouldn’t try.

 

But if you want the best rationale I have ever heard, I want you to read this essay written by Archibald McLeish when he was Poet Laureate of the US, inspired by Apollo, at the end of 1968. 

 

 

        Our conception of ourselves and of each other has always depended on our image of the earth.

        When the earth was the World – all the world there was – and the stars were lights in

Dante’s Heaven, and the ground beneath our feet roofed Hell, we saw ourselves as creatures at the center of the universe, the sole particular concern of God.  And from that high place, man ruled and killed as he pleased. 

 

        And when, centuries later, the earth was no longer the world but a small, wet, spinning planet in the solar system of a minor star off at the edge of an inconsiderable galaxy in the vastness of space – when Dante’s Heaven foundered and there was no Hell – no Hell, at least, beneath our feet – men began to see themselves not as God-directed actors in the solemn paces of a noble play, but rather as the victims of an idiotic farce where all the rest were victims also and multitudes had perished without meaning.

 

        Now, in this latest generation of mankind, the image may have altered once again.  For the first time in all of time men have seen the earth with their own eyes – seen the whole earth in the vast void as even Dante never dreamed of seeing it – seen what whimpering victims could not guess a man might see.

 

        When they saw the earth, “halfway to the moon” they put it, they asked “Is it inhabited?” and laughed.  And then they did not laugh.

 

        The medieval notion of the earth put man at the center of everything.  The scientific notion put him nowhere: beyond the range of sense or reason, lost in absurdity and death.  This latest notion may have other consequences.  Formed as it was in the eyes of heroic voyagers where were also men, it may remake our lost conception of ourselves.  No longer the preposterous player at the center of an unreal stage – no longer that degraded and degrading victim off at the verges of reality and blind with blood – man may discover what he really is.

 

        To see the earth as we now see it, small and blue and beautiful in that eternal silence where it floats, is to see ourselves as riders on the earth together, brothers on that bright loveliness in the unending night – brothers who see now that they are truly brothers.

 

                                        -Riders on the Earth, Archibald MacLeish, 1968