From: NASA HQ
Posted: Thursday, April 18, 2002
Mr. Chairman and Distinguished Members of the Subcommittee:
I am pleased to appear before you today to summarize the Aerospace Safety Advisory Panel's findings from the Annual Report for 2001. Although my term ended on March 31, 2002, I have been asked to speak on behalf of the Panel because the material being presented was developed while I was its Chair.
The Panel's report contained both praise for the safety of NASA's Space Shuttle operations and the strongest safety concern the Panel has voiced in the 15 years I was involved with it. This seeming dichotomy arises because of the unrealistically short planning horizon being used to make decisions about Space Shuttle flight system improvements, the restoration of ageing infrastructure, personnel succession planning and logistics.
It is important to stress that the Panel believes that safety has not yet been compromised. NASA and its contractors maintain excellent safety practices and processes as well as a world-class level of safety consciousness. It is also evident that the Space Shuttle is an extremely robust vehicle of enormous capability that can continue to serve the nation and the world for years or even decades to come if it is cared for properly. Replacing the Space Shuttle with a significantly more capable vehicle will require years of enabling technology development, particularly in the areas of propulsion and materials. Prudent risk management therefore suggests that the Space Shuttle should be maintained and improved on the assumption that it will fly into and beyond the next decade. Moreover, to maximize safety, decisions related to improvements for the Space Shuttle should be based on a pessimistic rather than an optimistic view of when a suitable replacement vehicle will be fully certified and ready to take over. Safety is better served by having excess life in a vehicle when it is retired than by attempting to run the vehicle until it is no longer serviceable.
The Panel's concerns stem from the necessity for the Space Shuttle program to use most of its resources to support current operations. Because of a budget shortfall, many already planned and engineered improvements have had to be deferred or eliminated. Some of these would directly reduce flight risk. Others would improve operability or the launch reliability of the system and are therefore related to safety. Moreover, the current plans and budgets are not adequate even to retain the present Space Shuttle risk levels over the entire likely service life of the system.
Simply stated, the Panel believes that the repeated postponement of safety upgrades, the delay in restoring ageing infrastructure and the failure to look far enough ahead to anticipate and correct shortfalls in critical skills and logistics availability will inevitably increase the risk of operating the Space Shuttle. The problem is that the boundary between safe and unsafe operations can seldom be quantitatively defined or accurately predicted. Even the most well-meaning managers may not know when they cross it. This is particularly true for an ageing system.
As complex human-machine systems such as the Space Shuttle age, the managers and engineers operating them gain significant knowledge about their idiosyncrasies. They develop great insights into the strengths and weaknesses of the system and, hence, its risks by characterizing system behavior over repeated missions. That is the present situation with the Space Shuttle. After more than 100 successful missions and the intense introspection following the Challenger accident, the present Space Shuttle team has an excellent understanding of what it takes to operate safely with the system in its present condition. As a result, the defined requirements for operating at an acceptable level of risk are always met even if doing so requires innovative approaches.
Unfortunately, as systems continue to age, they tend to change. Some of these changes are predictable. Others, however, are subtle and often unpredictable. As components and subsystems age beyond their design lives, they may fail more often and with new and unanticipated failure modes. Thus, the well-established characterization of the system is no longer fully valid. The Aerospace Safety Advisory Panel believes that the Space Shuttle is heading in this direction.
The problems that arise with an ageing complex system can be exacerbated if critical skills are lost. Even with the best documentation and succession planning, some expertise is lost as experienced personnel retire. In the case of the Space Shuttle, repeated Government and contractor hiring freezes during its operating life have led to a lack of depth in critical skills. Thus, it is reasonable to assume that the ability of the Space Shuttle workforce to anticipate new problems and to mount innovative efforts to maintain safety will inevitably diminish.
Before turning to the four specific questions posed in the April 9, 2002 letter of invitation from Chairman Rohrabacher, it is important to clarify the Aerospace Safety Advisory Panel's view of Space Shuttle risk. In addition to the obvious safety concerns of loss of crew, vehicle and mission, the Panel views anything that might ground the Space Shuttle for an extended period during the life of the International Space Station (ISS) as an unacceptable safety risk due to the potential loss of the ISS and associated risk for people on the ground.
What are the Aerospace Safety Advisory Panel's findings and recommendations about Space Shuttle plans and budget request?
The Aerospace Safety Advisory Panel is chartered to provide an independent review of issues related to safety. As such, it does not engage in detailed reviews of budget requests. Clearly, however, if an attempt is made to fly a high-risk system such as the Space Shuttle or ISS with inadequate resources, risk will inevitably increase. Effective risk management for safety balances capabilities with objectives. If an imbalance exists, either additional resources must be acquired or objectives must be reduced.
In its Annual Report for 2001, the Panel concluded in Finding 1 that:
The current and proposed budgets are not sufficient to improve or even maintain the safety risk level of operating the Space Shuttle and ISS. Needed restorations and improvements cannot be accomplished under current budgets and spending priorities.
This conclusion emanated not from a detailed line item review of the Space Shuttle budget but, rather, from observing and analyzing a disturbing pattern of the cancellation and deferral of projects for the future in order to conserve sufficient resources to operate in the present.
Foregoing or delaying upgrades also raises supportability concerns. In its second finding in the most recent report, the Panel observed:
Some upgrades not only reduce risk but also ensure that NASA's human spaceflight vehicles have sufficient assets for their entire service lives.
Obviously, the Panel recommended retention of as many safety-related upgrades as possible. It was also recommended to NASA, however, that:
If upgrades are deferred or eliminated, analyze logistics needs for the entire projected life of the Space Shuttle and ISS and adopt a realistic program for acquiring and supporting sufficient numbers of suitable components.
Many Space Shuttle components are long lead-time items that require years to acquire. Procurement times for many items could likely be further increased either because the original suppliers are no longer in business or because of a loss of capability by the manufacturer. The Panel believes that the Space Shuttle program must plan to obtain adequate quantities of long lead-time components to sustain safe operations. A failure to be proactive could lead to increased cannibalizations or even to the grounding of the Space Shuttle. In either case, safety could be compromised.
Overall, the Panel's concerns with respect to Space Shuttle plans and budgets could be reduced if all parties concerned - NASA, the Congress and OMB - adopted a realistic planning horizon and funded the program commensurate with the need to operate for that entire period. Based on currently available technology, the demonstrated lead times for developing new large-scale programs and the likelihood that the ISS will require support for at least another 20 years, the Panel believes it is realistic to adopt a Space Shuttle phase-out date in the 2022 to 2025 timeframe.
What are the Aerospace Safety Advisory Panel's specific concerns and recommendations for Space Shuttle ground infrastructure and launch workforce?
Infrastructure. In order to fly safely, the Space Shuttle requires extensive support from a variety of infrastructure components including facilities, training devices, ground support equipment (GSE) and special test equipment (STE). These assets, like the vehicle itself, are ageing. For example, some of the STE still employs vacuum tubes. Much maintenance and improvement of this infrastructure has already been deferred to conserve resources for current operations. As a result, there is a large backlog of restoration and upgrade work. If restoration continues to be delayed, it will reach a point at which it may be impossible to recover.
The recent failure of a weld in a fuel line during the launch count for STS-110 is a good example. The mobile launch platform (MLP) on which the line was mounted was originally designed and built for the Apollo Program and then refurbished for the Space Shuttle. It is not reasonable to expect the MLPs and similar vintage infrastructure to continue to support Space Shuttle operations for another 20 years unless significant effort is expended on renewal, upgrade and life extension. The weld rupture in this instance had no safety consequences, but it did delay the launch. The program may not be so fortunate in the future.
Also of note is the fact that the fuel line weld that failed had not been inspected for many years. This suggests that it was not considered to have a high probability of failure. Perhaps with advancing age, the MLP is beginning to display unanticipated weaknesses.
The Panel's Recommendation 3 in the current Annual Report addresses the infrastructure needs and urges NASA to:
Revitalize safety-critical infrastructure as expeditiously as possible.
Each year the program falls further behind. It is therefore necessary to take immediate action to reverse the trend and begin catching up. As with the flight elements, NASA must adopt a realistic planning horizon for the infrastructure to maximize the likelihood that it can continue to support safe Space Shuttle operations throughout the life of the program.
Workforce. Workforce issues have been a concern of the Panel for several years. A highly qualified launch workforce is critical to ensuring that all requirements are met before a flight is attempted. Processing the Space Shuttle for launch is a complex task requiring an appropriate mix of critical skills, training, on the job experience and clear, complete and accurate work documentation. Cutbacks in NASA and contractor personnel coupled with hiring freezes and retirements have resulted in some shortfalls in critical skills. In response, hiring and training programs have managed to fill the gaps. The Panel's concern is that these programs may not be adequate as the system ages and problems of retaining critical skills and in-depth system knowledge expand.
As the Space Shuttle system ages, it will require even more innovative technical and management actions to continue flying safely. The definition of these remedial efforts will require extensive experience with the system as well as appropriate technical training. As experienced government and contractor personnel retire, some of the "tricks of the trade" needed to compensate for newly emerging problems may be lost.
The Panel believes that there is no fully adequate substitute for direct experience with the Space Shuttle. Training can develop skills and knowledge. Good documentation and processes can simplify work tasks. Minimizing risk, however, also involves a feel for a complex system's unique strengths and weaknesses that can be acquired only on the job by working with more experienced members of the workforce. This is a process that cannot be greatly accelerated.
These considerations led the Panel to its Finding and Recommendation 6 in the current report. The finding acknowledges that:
The safety of NASA's human spaceflight programs will always be dependent on the availability of a skilled, experienced and motivated workforce.
The recommendation suggests that NASA:
Accelerate efforts to ensure the availability of critical skills and to utilize and capture the experience of the current workforce.
The Panel has seen no safety shortfall attributable to launch workforce or labor negotiation issues. Feedback from both NASA and its contractors over the past few years suggests high sensitivity to the potential safety problems that could arise from workforce issues. Nevertheless, continuing and increasing efforts to correct existing workforce problems must be a high priority part of future Space Shuttle operations.
What are the Aerospace Safety Advisory Panel's preliminary findings and recommendations about privatizing the Space Shuttle?
The notion of privatizing the operations of the Space Shuttle to improve safety and operational efficiency has been discussed in a variety of preliminary issue papers. The Aerospace Safety Advisory Panel has examined some of the available documentation. Since the idea is in its infancy, the Panel has yet to develop any specific findings and recommendations with respect to the advisability of privatization. The Panel did, however, observe that any plan to transition from the current operational posture to one involving significant privatization would inherently involve an upheaval with increased risk in its wake. It must be remembered that the Space Shuttle program is over 20 years old and has already undergone several transitions that were disruptive and distracting for the workforce.
From the Panel's perspective, any transition of the operating approach for the Space Shuttle will likely be accompanied by at least a temporary increase in risk. This is because the workforce is thrust into a new operating environment with some unfamiliar processes. Under these conditions, even the best trained and most well-intentioned people can become more prone to error. These considerations led the Panel to its Finding 5 which cautions that:
Space Shuttle privatization can have safety implications as well as affecting costs.
The associated recommendation was to:
Include in all privatization plans an assessment by safety professionals of the ability of the approach to retain a reasonable level of NASA technical involvement and independent checks and balances.
I would like to make two other points about privatization from my personal perspective and experience. First, every concept of Space Shuttle privatization I have seen so far involves the government indemnifying the private contractor. This leaves the government with a significant financial risk that it can only manage properly if it retains an adequate workforce of appropriately skilled, trained and experienced people. The dilemma is that it is difficult to cultivate and maintain this government workforce when all operations have been turned over to the private sector. Thus, protecting safety and the government's financial interest if it indemnifies the contractor requires the government to remain intimately involved with Space Shuttle operations even though the objective of privatization is to extricate the government from an operational role.
On the other hand, if the government chooses not to indemnify the Space Shuttle contractor, I do not see any way that a firm would be willing to accept a privatized Space Shuttle system. Given the magnitude of infrastructure revitalization needed and the associated financial and legal liability if failures occur, the risk would be too great for the associated rewards.
My second point relates to safety. As discussed above, transitions of large, complex organizations involve upheavals that can increase risk, at least until a new steady-state and fully characterized operating environment emerges. The Space Shuttle has been flying for over 20 years. If it were to be transitioned to a radically different operating posture without the traditional government/contractor checks and balances, I am convinced that risk would increase significantly at least for a time. Moreover, even when a steady-state was reached, I cannot envision any reduction in risk from the current, well understood levels.
Just to be clear, I am not saying that privatization is a poor concept for a newly developed human space vehicle. If there is a business case for private sector support and the system is designed from the start to be privately operated, there should be no safety problems other than those inherent in starting any new venture. The salient issue is whether it is wise and beneficial to safety to transition the Space Shuttle program to privatization. Currently there are significant long-term safety issues that are best addressed by a fully engaged and highly experienced government/contractor workforce operating in a familiar environment.
What is the rationale behind the Aerospace Safety Advisory Panel's recommendations to continue the X-38 spaceflight test and Crew Return Vehicle?
The Aerospace Safety Advisory Panel has steadfastly maintained its position that the ISS needs a "lifeboat" to provide the capability to protect the onboard crew under three design reference missions:
Appendix D to the Aerospace Safety Advisory Panel's March 1993 Annual Report presents a detailed assessment of generic crew return vehicle (CRV) requirements and reaches the conclusion that the lowest risk configuration for a space station is one with two return vehicles each of which can accommodate the entire crew. Subsequently, NASA decided to use a three-place Soyuz as a return vehicle until a full-crew CRV was available, and the Panel concurred with that approach as an interim expedient.
In recent years, the Panel has followed the development of the X-38 because it was presumably the basis for a CRV. As part of the X-38 development discussions, the Panel understood that consideration was being given to deferring or eliminating the spaceflight test included in the program. The Panel believes that any human-rated vehicle for spaceflight should have at least one flight test. Since the Panel also remains firmly behind the need for a crew return function for the ISS and the X-38 was presumably the only CRV candidate, the most recent Annual Report contained Recommendation 17a that stated:
Continue the flight test program for the X-38 and proceed to the space test of the V201 prototype.
It was also noted in Recommendation 17b that NASA should:
Press to restore the CRV production program or find a substitute rescue vehicle approach to permit expansion of the ISS crew.
Thus, the Aerospace Safety Advisory Panel was not supporting the X-38 per se but, rather, the necessity of having some continuously available return capability to meet all three design reference missions.
The Panel is concerned at the protracted delays in fielding a more capable return vehicle than the Soyuz. This is not only because the high landing loads involved in a Soyuz return may not be compatible with a maximally effective medical mission but also because of the uncertain future availability of an adequate supply of Soyuz capsules and the fact that a single Soyuz deployment limits the ISS crew to three.
In closing, I would like to add a personal note. It has been a privilege to work with the Aerospace Safety Advisory Panel for almost 15 years and an honor to serve as its chair. Most of my career has been devoted to the improvement of transportation safety, and I can honestly say that I have never seen an operation as safety conscious and safety effective as the NASA human spaceflight programs. Flying humans into space and supporting extended on-orbit stays is an extremely complex and dangerous endeavor that NASA and its contractors accomplish with an apparent ease that can disguise the extent of expertise and effort required.
In all of the years of my involvement, I have never been as concerned for Space Shuttle safety as I am right now. That concern is not for the present flight or the next or perhaps the one after that. In fact, one of the roots of my concern is that nobody will know for sure when the safety margin has been eroded too far. All of my instincts, however, suggest that the current approach is planting the seeds for future danger.
I appreciate the Committee's invitation and attention, and I would be pleased to answer any questions you might have.
// end //