From: NASA HQ
Posted: Thursday, September 6, 2001
Mr. Richard D. Blomberg
Chair, Aerospace Safety Advisory Panel
Subcommittee on Science, Technology and Space
Committee on Commerce, Science and Transportation
United States Senate
September 6, 2001
Mr. Chairman and Distinguished Members of the Subcommittee:
I am pleased to appear before you today to summarize the Aerospace Safety Advisory Panel's current position on issues relevant to the safety of the Space Shuttle. The Subcommittee's focus on both the short-term and the post-2012 era is particularly germane. The Panel has focused much recent attention on the clear dichotomy between future Space Shuttle risk levels and the extent of current planning and investment directed at operating an aging space vehicle for the foreseeable future-to 2020 and beyond. Our most recent Annual Report delivered to the NASA Administrator last February highlighted the issues. We noted that efforts of NASA and its contractors were being primarily addressed to the immediate safety needs of the Space Shuttle. Little effort was being expended on the long-term safe use of the system. The overarching theme of our report, therefore, was the need for NASA, the Administration and the Congress to use a longer, more realistic planning horizon when making decisions with respect to the Space Shuttle.
In the months since last year's report was prepared, the long-term situation has deteriorated. Budget constraints imposed on NASA's human spaceflight programs have forced the Space Shuttle program to adopt an even shorter planning horizon in order to continue flying safely. As a result, more items that should be addressed now are being deferred. This adds to the backlog of restorations and upgrades required for safety and continued efficient operations and postpones many risk reduction benefits. The resulting situation is suboptimal at best and gives the Panel cause for significant long-term concern. NASA needs a reliable human rated space vehicle to reap the full benefits of the International Space Station (ISS), and the Panel believes that, with adequate planning and investment, that vehicle can be the Space Shuttle.
Before addressing our concerns, it is important to stress that the Panel does not believe that safety has been compromised at present. NASA and its contractors maintain an excellent level of safety consciousness, and this has contributed to significant flight achievements. The defined requirements for flying at an acceptable level of risk are always met. Increasingly, though, these requirements can only be achieved through the innovative and tireless efforts of an experienced workforce. As hardware wears out and veterans retire, the program will inevitably lose some of this compensatory ability. The options will then be to accept increased risk or to ground the fleet until time-consuming improvements and repairs can be accomplished. Neither of these is an acceptable option when there are clearly defined paths to reduce risk and increase operational reliability in the future.
The Panel believes that four areas are critical to the long-term safe operation of the Space Shuttle:
The Space Shuttle is not unique as an aging aerospace vehicle that still possesses substantial flight potential and has yet to be superseded by significant new technology. Any replacement for the Space Shuttle started now would likely take a decade or more to be designed, built and certified and likely would not be materially more capable than the current system with appropriate updates. Commercial airlines and the military have faced the same situation and have implemented timely product improvement programs for older aircraft to provide many additional years of safe, capable and cost effective service.
The Space Shuttle program is not presently able to follow this proven approach. Responding to budgetary pressures has forced the program to eliminate or defer many already planned and engineered improvements. Some of these would directly reduce flight risk. Others would improve operability or the launch reliability of the system and are therefore potentially related to safety. In addition to the obvious safety concerns related to loss of vehicle and crew, we view anything that might ground the Space Shuttle while the ISS is inhabited as unnecessarily increasing risk. The Panel also does not think it is prudent to delay ready to install safety upgrades and to continue to operate at a higher risk level than is necessary.
An example of a potentially valuable improvement that has recently been dropped is the electric auxiliary power unit (EAPU). This upgrade can reduce risk both on the ground and in flight through the elimination of hydrazine and the high-speed turbo-machinery characteristic of the current auxiliary power unit (APU). It can also improve operability by doing away with the use of cumbersome Self Contained Atmospheric Protective Ensemble (SCAPE) suits and the need to clear the work area during many APU ground-processing steps. Development of an acceptable EAPU will require some battery technology advances and weight reduction efforts. If the Space Shuttle is to fly until 2020 and beyond, it would appear that an investment in this type of multi-pronged improvement would be well justified. Under present guidelines, however, the human spaceflight program would have to fund EAPU development and certification at the expense of activities needed to continue flying safely in the present. No program should be forced into a position in which tradeoffs between current and future safety are required. Total risk can only be minimized if managers are free to make decisions with full recognition of the entire expected life cycle of the system for which they are responsible. Also, if the Space Shuttle does not introduce the EAPU or another replacement, it must rely on the present hydrazine-powered APU for the life of the program. This will require focusing additional current attention on ensuring the long-term availability of APU components and maintaining the ability of the supplier to provide support.
Other improvements to the orbiter and the other Space Shuttle elements are being delayed in order to accommodate current budget needs. This type of "stretch out" usually ends up costing a program significant additional funds in the long run. More importantly, when risk reduction efforts, such as the advanced health monitoring for the Space Shuttle Main Engines, Phase II of the Cockpit Avionics Upgrade, orbiter wire redundancy separation, the orbiter radiator isolation valve and the helium auxiliary power unit for the solid rocket boosters, are deferred, astronauts are needlessly exposed to current levels of flight risk for longer than necessary. This is a lost opportunity that is not offset by any real life cycle cost saving for the program.
The Panel cautions that now is not the time for significant cutbacks. At this stage in the life of a complex vehicle that will likely remain in service for several more decades, increased rather than diminished risk reduction efforts are essential. NASA must focus on applying the best available technologies to increasing the safety of the total system.
In order to fly safely, the Space Shuttle must be supported by a properly functioning ground infrastructure including facilities, ground support equipment and test and checkout gear. These assets, like the vehicle itself, are aging. Much maintenance and improvement of this infrastructure has already been deferred to conserve resources for operations. As a result, there is a large backlog of restoration and upgrade work. The sheer magnitude of this backlog means that it will take some time to bring the infrastructure back to an acceptable condition if the available numbers of trained and experienced managers and engineers are applied to the task and funding is available. Unfortunately, rather than improving, the situation becomes worse each year. If restoration continues to be delayed, it will reach a point at which it may be impossible to catch up.
Aging infrastructure becomes unreliable. At best, this will be a costly nuisance when failures delay launches. At worst, safety can be compromised when systems fail at inopportune times or multiple, simultaneous failures occur. As individual system reliability goes down, the likelihood of conjoint failures typically increases. Often, these multiple malfunctions have safety implications when the individual failures of which they are composed do not. The Panel is particularly concerned about the infrastructure at the Kennedy Space Center. The data cables leading to the launch pads and the deteriorating roof and siding panels on the Vehicle Assembly Building are examples of weak spots that could blossom into full-fledged safety or operations issues.
Much of the Space Shuttle ground infrastructure dates to the Apollo era or earlier. It will be needed for at least another 20 years of Space Shuttle operations. In order to keep these critical parts of the system safe and fully supportive of the overall program, NASA needs to revitalize them as expeditiously as possible. If the infrastructure is updated and kept viable, it can also be a legacy to any vehicle that supersedes the Space Shuttle.
A safe flight program needs a viable supply chain that ensures the availability of functionally appropriate and reliable spare parts. An aging flight vehicle faces logistics challenges not only from wear and tear but also from obsolescence. Suppliers often lose skills when they stop production. Some go out of business or lose interest in maintaining capabilities when relegated to a minor support role. Technological advances can also strain the logistics function when new, safer approaches to subsystems become available and must be phased in.
Space Shuttle logistics, although handled admirably by NASA and its contractors, is hampered by a lack of assets. Simply, the program has inadequate spare parts for many key subsystems. The Ku-band antenna is an example of a component for which the available stock is simply not sufficient. Where total inventory is adequate, flight-ready spares are still often less than desirable because of slow repair turnaround times. The logistics problem facing the Space Shuttle program is exacerbated by the long lead times for the manufacture of many critical components. The program is keeping up with logistics needs at present, but as the vehicle and its systems continue to age, problems can be expected. The response to these types of problems is often cannibalization of components from one vehicle to another. When cannibalization is used as a routine response to parts shortages, safety can be compromised.
Supportability is also a logistics concern. The nozzle for the Space Shuttle Main Engine (SSME) is one example. It retains its original design in which over 1,000 tubes for carrying coolant must be inserted by hand before they are brazed. This is a highly specialized task that is dependent on an eroding base of experienced contractor personnel. If the Space Shuttle is to fly safely for its entire anticipated life, attention must be focused now either on developing a new nozzle or on procuring a sufficient number of the existing nozzles to ensure the availability of safe components and the maintenance of the contractor's skill base.
Overall, NASA must analyze its logistics needs for the entire projected life of the Space Shuttle and adopt a realistic program for acquiring and supporting sufficient numbers of suitable components.
Identifying and implementing essential vehicle, infrastructure and logistics improvements to the Space Shuttle system requires an appropriately trained, experienced and motivated workforce. Motivation does not seem to be an issue. When permitted, NASA and its contractors have been successful in recruiting some of the best and brightest engineers and technicians even at less than prevailing industry salaries. These individuals almost universally express a desire to work on the Space Shuttle and ISS because they represent inspiring and challenging opportunities. It is fair to say that when it comes to human spaceflight, the dream is still truly alive!
A complex endeavor such as the Space Shuttle, however, requires an experienced as well as a skilled and motivated workforce. Even with extensive training, inexperienced engineers and technicians are more prone to errors and less likely to detect problems than their experienced counterparts. NASA and its contractors are inexorably losing experienced workers to retirement. The hiatus in new hires during the 1990's has created a gap in the distribution of experience. As a result the successors to current managers will be operating without the same level of first-hand experience as their predecessors.
The projected loss of experience need not be detrimental to future safety if current planning is adequate to present the next generation of Space Shuttle managers with reasonable tasks. This can be accomplished by ensuring that they are given a vehicle that is upgraded to the maximum extent possible and fully ready to conduct its mission for a realistic service life. Allowing experienced personnel to plan and execute any needed upgrades before they retire will permit their successors to focus primarily on safe operations based on clearly defined requirements while they amass their own experience. It would also be advisable to capture as much of the knowledge of the existing workforce as possible so that it can be archived for use in the future.
The minimum risk approach is clear. In order to fly safely until 2020 and beyond, the Space Shuttle will need improvements, additional care, infrastructure revitalization, better logistics, a skilled and experienced workforce and development of an operational posture consistent with the capabilities of that workforce. The longer that these vital steps are postponed, the harder they will be to accomplish, the more they will cost and the higher will be the safety risk. The preferred alternative is to acknowledge now the role of the Space Shuttle as our human spaceflight vehicle for the foreseeable future and to care for the total system appropriately in a timely manner. This will give our astronauts a safer and more capable vehicle to operate and reduce life cycle cost.
Safety is an intangible whose true value is only appreciated in its absence. The boundary between safe and unsafe operations can never be well defined. As a result, even the most well meaning managers may not know when they cross it. Nobody would deliberately jeopardize Space Shuttle safety. But, as equipment and facilities age and workforce experience is lost, the likelihood that the line will be inadvertently breached increases. The best way to prevent problems is to be proactive and continuous with risk reduction efforts. The Aerospace Safety Advisory Panel fears that the Space Shuttle program is not being allowed to do this and, in fact, has been forced to forego appropriate long-term planning in order to maximize the safety of present operations. This is not a prudent approach to an ongoing program, and we hope it will not continue. Long-term safety is best achieved by giving capable managers a realistic budget and permitting them to exercise reasonable engineering discretion. By analogy, we would all willingly fly today on an airline whose aging aircraft were as well cared for as the Space Shuttle. If, however, that airline had neglected preparations for the future as the Space Shuttle program has been forced to do, we would certainly not invest in its stock.
Thank you for the opportunity to present the thoughts of the Aerospace Safety Advisory Panel on this important topic.
// end //