columbia and challenger
TRANSCRIPT
COLUMBIA AND CHALLENGER DISASTERS
ROSS APTED
SPACE SHUTTLE COLUMBIA DISASTER
On the 1st February 2003 A critical systems failure occurred on the space shuttle Columbia (STS - 107) on its re – entry to the earth’s atmosphere.
This caused the disintegration of the shuttle leading to the death of all seven crew members.
STS-107 flight insignia
Above image shows the Columbia disintegrating over Texas
INVESTIGATION INTO THE ACCIDENT
NASA’S INITIAL INVESTIGATION
The Columbia re-entry data showed that there was a loss of temperature sensors and of hydraulic systems in the left wing, indicating severe over heating.
Image of shuttle taken during re-entry shows damage to the left wing’s leading edge
This initial data focused the investigation on the possibility of a a foam strike.
This is when foam from the shuttle’s largest component, the external tank, sheds and collides with other areas of the or shuttle
during launch.
External Tank
Columbia launch
The theory that is was a foam strikewas compounded by the fact that foam sheading was a know problem that had damaged previous orbiters
FOCUS OF INVESTIGATION
The investigation focused entirely on the technical causes of the accident.
No formal model was used in the investigation.
No attempted was made to investiigate the human and organizational cause of the accident.
RESULT OF INVESTIGATION
It was conclude that the damage was due to the foam sheading of the least left bi-pod ramp causing a breach in the reinforced carbon – carbon panels in the left wing.
The result of this was to retrain employees at the assembly facility to apply foam without defects.
Left bi-pod ramp
THIS WAS THE INCORRECT CAUSE
Foam applied
incorrectly
Bi-pod damages left
wing on launch
Shuttle overheats
dues to RCC damage on
re-entry
Technical causes
Root cause
COLUMBIAN ACCIDENT INVESTIGATION BOARD This was an independent investigation board. The board analyzed the accident in more robustly.
Took into account technical cause, human cause and organizational cause.
Investigation made use of effective modeling approaches.
Came to a different conclusion.
(Board, Columbia Accident Investigation, 2003)
FOCUS OF INVESTIGATION
Technical
Carried out test to confirm that foam could have caused damage to the RCC panels on the left wing. Used compressed air gun to fire foam at wing leading edge.
Conducted further research into
the fitting of the foam concluded
that due to the technical and
organizational controls in place
the fault could not have occurred
there.Compressed air gun used to fire the foam.
Organizational
Several faults with NASA as an organization contributed to the accident.
NASA’s reluctance to curb operational ambition in line their shirking budget meant that greater efficiency had to be achieved. This caused the schedule to be tightened; as a result the workloads and the stress of the staff increased.
NASA budget as percentage of federal budget
NASA was also found to have inadequate decision making and risk-assessment processes.
NASA management knew about the foam sheading problem for over 22 years before the accident occurred.
The failure to correct the problem was due to conflict interests of managing positions. The managers not
only had to ensure safety but they also had to make sure the launch was on schedule and in budget.
MODELING USED IN THE INVESTIGATION
Investigation used fault trees to model the accident.
A graphical representation of all the events that could lead to a system failure.
Each element in a fault tree represents a factor: technical, human or organizing that could cause the element immediately above it to fail.
This is ideal for modeling complex socio-technical systems, as you can clearly see the chain of events that could lead to a catastrophic system failure.
It is an effective tool for finding the correct chain of events through a process of elimination.
EXAMPLE FAULT TREE
Simple fault tree for a fire breakout
RESULT OF INVESTIGATION
Nasa’s budget is cut
NASA Management failed to act on known problem
Left foam bi-pod collides with RCC panels on
wing
Shuttle over heats
Shuttle disintegration
Technical causesOrganizational causes
ACADEMIC LITERATURE Studying organisational cultures and their effects on safety
Beyond Normal Accidents and High Reliability Organizations: The Need for an Alternative Approach to Safety in Complex Systems
Both agree that a major factor contributing towards the accident was NASA organizational culture.
A Framework for Dynamic Safety and Risk Management Modeling in Complex Engineering Systems
Takes it a step further and analyzes NASA using STAMP modeling the paper finds that STAMP is ideally sited with its control framework to model every aspect of NASA: social, organizational, technical and how they interact.
( Marais, Dulac, & Leveson, 2004)
(Hopkins, 2006)
(Dulac, 2007)
CHALLENGER DISASTER
On January 28, 1986 the space shuttle Challenger (STS-51-L) broke apart in flight, minutes after take off, killing all of its 7 crew members.
STS-51-L flight insignia
Above image shows the Challenger disintegrating 73 seconds after launch
INVESTIGATION INTO THE ACCIDENT
ROGERS COMMISSION (PRESIDENTIAL COMMISSION on the Space Shuttle Challenger Accident, 1986)
Presidential Commission on the Space Shuttle Challenger Accident was an independent investigation into the accident.
The investigation found that the right solid rocket booster become separated, causing damage to the external tank. This led to the destruction of the shuttle by aerodynamic forces.
Solid Rocket booster
The investigation found that the O-ring joint failure was the cause of the accident.
The O-ring sealed a joint connecting the solid rocket booster to the main part of the shuttle
Both the primary and secondary O-rings failed, allowing heated gases and flames to escape and make contact with the external tank, causing a structural failure.
FOCUS OF INVESTIGATION
Technical
The O-ring joint was know to be inadequate and was in the process of being redesigned. It was found that in pervious flights O-ring erosion had occurred which rendered the secondary O-ring useless.
Organizational
On the day of launch engineers were concerned that the temperature was too low to launch(-2.2C lowest launch temperature recorded) and that there was to much ice on the shuttle. O-rings would not perform correctly at this temperature.
NASA management was told of this issue but it was deemed an acceptable risk and the launch went ahead.
RESULT OF INVESTIGATIONTechnical concerns- the sold rocket boosters were
redesigned.
Organizational concerns- A new safety office was created to allow better communication
and risk assessment.Cause
Shuttle disintegrated
O-ring failure caused rocket
booster to detach
Ice conditions not assessed correctly
Design flaw in O-rings
Root
Technical
Organizational
ACADEMIC LITERATURE
Understanding the Challenger Disaster: Organizational Structure and the Design of Reliable Systems (Heimann, 1993)
A critical analysis of factors related to decisional processes involved in the challenger disaster(Gouran , Hirokawa,, & Martz, 1986)
These papers both focus on the decision making process at NASA and why it how this process can be made more robust.
REFERENCESMarais, K., Dulac, N., & Leveson, N. (2004). Beyond Normal Accidents and High Reliability Organizations: The Need for an Alternative Approach to Safety in Complex Systems. Cambridge.
Board, Columbia Accident Investigation. (2003). Columbia Accident Investigation Board Vol 1. Washington, D.C: Columbia Accident Investigation Board.
Dulac, N. (2007). A Framework for Dynamic Safety and Risk Management Modeling in Complex Engineering Systems. Cambridge: MIT.
Gouran , D. S., Hirokawa,, R. Y., & Martz, A. E. (1986). A critical analysis of factors related to decisional processes involved in the challenger disaster. Central States Speech Journal , 37.
Heimann, C. F. (1993). Understanding the Challenger Disaster: Organizational Structure and the Design of Reliable Systems. The American Political Science Review , 87, 421-435.
Hopkins, A. (2006, December). Studying organisational cultures and their effects on safety. Safety Science , 44, pp. 875-889.
Keong, T. H. (1997, July 9). Risk Analysis Methodologies. Retrieved June 8, 2012, from pacific.net.sg: http://home1.pacific.net.sg/~thk/risk.html
PRESIDENTIAL COMMISSION on the Space Shuttle Challenger Accident. (1986). Report of the PRESIDENTIAL COMMISSION on the Space Shuttle Challenger Accident. Washington, D.C.: PRESIDENTIAL COMMISSION on the Space Shuttle Challenger Accident.