Space shuttle disasters of Challenger and Columbia: Did NASA actually prioritize safety and was the shuttle layout safe?

In modern history, the most notorious disasters in the field of aerospace that come to mind would certainly be the Space Shuttle Challenger incident.  In early 1986, Challenger was set to launch with the first teacher in space, the program NASA created to put a non-astronaut civilian in space for the purpose of transparency of space travelling to the public. The launch was therefore highly anticipated by the public, and it became a shock when it broke apart 73 seconds into the flight. Another incident, yet less anticipated by the public, was the Space Shuttle Columbia disaster. The space mission of the Columbia was -at least prior to its fatality- less anticipated by the public, consisting of some routine maintenance procedures and completing unfinished experiments. Space Shuttle Columbia disintegrated upon re-entering the atmosphere.

So: The disasters are almost 17 years apart from each other, and the cause of failure and the nature of the missions are completely unrelated to each other.  Or… Are they? Were the hazards actually identified, and did NASA’ higher management not act upon the hazards in the interests of time schedules and costs? Can the rocket layout from the Space Shuttle actually be considered as a safe design?

When it comes to the cause of failures of the to space shuttle disasters, there seems to be a trend present in the disregard of safety. Space Shuttle Columbia was actually the result of the negligence of the damage of the chunk of foam from the Shuttle’s external foam tank,  hitting somewhere on the leading edge of the left-wing of the orbiter (Figure 1). During the review of the launch, the foam strike was actually seen, and in the prospect that the foam strike could possibly damage the heat resistant tiles, it was reported to an official and contacted the department of defence to take satellite images to actually know the extent of the damage. According to the Columbia Accident Investigation Board [2], NASA official Linda Ham blocked all imaging requests, as it was not required and hence takes too much time [1]. Furthermore, foam strikes of the orbiter was actually a previously known occurrence and concern [1]. Actually, the damages of the heat resistant panels, which are needed for the re-entry (aluminium is not heat resistant enough, special heat resistant tiles are needed for heat protection), were seen prior to the disaster as well, and many maintenance operations were made to replace them. What actually came as a surprise, was that rather than damaging the fragile white and black tiles, the leading edge itself actually was damaged, which consists of reinforced carbon (RCC), and was not expected as destructible. However, the foam strike actually became fatal, and if the damage of the leading edge of the left-wing could be identified, by either spacewalk or requested images, the extend of the damage itself could have been informed. The damage foam strikes could impose, was deemed not critical based on previous assumptions of foam strikes, rather than scientific experimental support.

Figure 1: Foam strike of the insulator foam of the external fuel tank on the leading edge of the orbiter. Image obtained from [3]

For the case of the Space Shuttle Challenger, the disaster happened in the morning of January 28th 1986, almost exactly 17 years before Columbia. The weather forecast for the day of the launch was -8 degrees Celsius, which caused engineers at Morton Thiokol, the designers of the solid rocket boosters of the Space Shuttle for NASA, to have concerns about the functionality of the O-ring seals at such low temperatures. Although having no exact experimental support to the concern, the engineers at Thiokol made an assessment of concerns and possible risks regarding the O-ring seals at low temperatures and recommended the lowest limit of temperature for the launch at 12 degrees, which was primarily based on the flight of the Shuttle a year earlier.  NASA higher management was not keen on this recommendation and stated that such a recommendation could only be taken into account when experimentally proven. However, in the end, there was no real temperature restriction and requirement at all for the launch. Due to time pressure and costs, the launch was scheduled still for that time, and the incident happened.

In general, the design of the Space Shuttle itself is not considered safe at all. Most plans of a cheap journey to space by means of the shuttles by NASA were highly ambitious and did not meet expectations. A full analysis of lack of safety in the design would be highly extensive, though a few points, also as indicated in the disasters of Columbia and Challenger, suggested a change in design, which was ultimately also the reason NASA stopped the shuttle program (though it certainly had something to do with the huge amount of maintenance costs to operate as well). Few notable designs feature sensitive to failure can be immediately seen from the layout of the Shuttle design:  

  • The shuttle system used external solid rocket boosters (SRB) to get the orbiter in space, while the main engines of the orbiter itself were supplied with liquid fuel from the big, orange external fuel tank, of where the shuttle and the SRB’s were attached (Figure 2). The more conventional orientation, so self-contained liquid-fueled rockets, where the main module and the crew are mounted at the top. The latter one would actually be a much safer layout; since the crew is on top, no debris will be experienced on their module.
Figure 2. The difference in design is apparent. In the case of the Space Shuttle, the orbiter and SRB’s are attached to the huge external fuel tank, which makes the orbiter prone to debris strikes, such as the case in Columbia. A more conventional layout such as Saturn V would promote a safer design. Image obtained from [4].

The Space Shuttle Columbia and Challenger show negligence in risk identification of the higher management. Recommendations for a better safety structure by management are:

  • When high risks are involved, act upon the recommendation of the engineers such that system is ensured to operate safely. Do not base judgement on previous observations and assumptions, but base it on scientific and experimental data.
  • Safety design, where the operating structure comprises high fatalities, should require a ‘Proof that it will be safe’ attitude, rather than a ‘Proof that it will fail’ stance.
  • When such high fatalities are involved, put safety as an unconditional standard and priority.  Do suppress the so-called ‘go-fever’, and make safety the absolute priority.

References:

[1] Book: Comm Check… The Final Flight Of Shuttle Columbia by Michael Cabbage and William Harwood

[2] Report of Columbia Accident Investigation Board, Volume 1

[3] http://www.columbiadisaster.info/

[4] https://www.britannica.com/technology/launch-vehicle/Launch-vehicles-of-the-world