THERE is a particularly treacherous type of accident which occasionally
destroys aircraft that are working faultlessly. It is called "controlled
flight into terrain", and it occurs when some sort of human error
on the aircraft or on the ground causes it to fly into the dirt.
Last September an accident like this occurred on Mars. Space workers at
NASA's Jet Propulsion Laboratory in Pasadena sent routine navigational
commands to the Mars Climate Orbiter as it approached the red planet.
But due to a series of human errors, the commands turned out to be wrong
and the probe dipped low into the atmosphere instead of entering orbit.
The spacecraft probably blew up, burned up or buried itself in the Martian
soil; either way NASA never heard from it again. It was a classic "controlled
flight into terrain" accident, but this time on another planet.
Only a few weeks later, in early December, NASA's Mars Polar Lander entered
the Martian atmosphere. During the descent, the vehicle was supposed to
release a pair of microprobes that would hit the surface, penetrate the
soil, analyse it, and then broadcast the results. NASA never heard from
the microprobes or the Polar Lander again. The best guess is that the
Lander turned off its braking rockets too early and slammed into the Martian
surface.
After the failures, rumours of incompetence swept through the space industry.
NASA has since halted its Mars programme, and last month released the
results of its investigation into the disaster. The report paints an ugly
picture of an organisation stripped of core expertise after years of budget
cuts and a leader pushing a poorly defined and overambitious goal.

Downward spiral

Most worrying of all is the possibility that NASA's problems could get
worse. Critics say that a number of accidents, oversights and failures
in other NASA programmes indicate that other parts of the organisation
are stretched to breaking point. NASA, they say, is repeating the errors
that led to the Challenger disaster. In that accident in January 1986,
seven astronauts died when their space shuttle blew up on take-off. The
consequences of a future accident could also be fatal.
At the heart of the controversy is NASA's attempt to work more efficiently
and effectively with less money. The man who has steered NASA through
this change is Dan Goldin, previously an engineer and manager with the
US aerospace company TRW, who took over as head of the space agency in
1992. Goldin inherited an organisation still recovering from the Challenger
disaster and suffering from low morale.
Goldin immediately identified an area for improvement. NASA spent too
much on single missions and took too long to build them, he said, citing
examples such as the $1 billion Galileo mission to Jupiter, which took
more than a decade to design and build. Should a mission like this fail,
Goldin argued, the loss is simply too great to bear.
As if to emphasise the point, in 1993 the $800 million Mars Observer spacecraft
vanished without a trace as it was about to enter orbit around Mars. In
future, said Goldin, NASA would spread the risk by building large numbers
of smaller, cheaper spacecraft, so that losing one would be bearable.
Goldin also argued that by working more efficiently, it would be possible
to build better spacecraft, more quickly and for less money. He dubbed
this the "faster, better, cheaper" philosophy.
The new approach led to a number of spectacular successes. In 1997, the
Mars Pathfinder probe and its tiny rover generated worldwide interest
for a cost of only $200 million. The Mars Global Surveyor, which has been
in orbit around the Red Planet since 1997, cost about $250 million and
continues to send back spectacular high-resolution images of the surface.
But the two more recent disasters tell a different story. NASA did it
cheaper and faster, says John Pike, space policy director for the Federation
of American Scientists, but the result was worse, not better.
The FBC philosophy was widely criticised even before problems surfaced
in NASA's Mars programme. Paul Pencikowski, a former "Top Gun"
US Navy aviator and now a project manager for the Northrop Grumman aerospace
corporation in California, has had more than 20 years of experience in
aerospace technology development. In association with a management consulting
group called FasterBetterCheaper.com, he recently published a report entitled
"Faster, Better, Cheaper? A Critical View...." Pencikowski describes
how the background of constant cost overruns in the aerospace industry
created a demand for remedies. In the early 1980s, the phrase was "lightweight,
low cost" and a few years later came "cost as an independent
variable (CAIV)". "Following CAIV came literally dozens of platitudes-de-jour,"
Pencikowski says. "FBC is but the latest."
The FBC philosophy flies in the face of an old engineering proverb: "Faster,
better, cheaper—choose two of the above." But for budget cutters,
the notion that a smart enough engineer could have all three at once proved
irresistible. Just how the new philosophy was supposed to be implemented
was not so clear.

Uncalculated risks

One of the major problems highlighted by Thomas Young, chairman of the
panel set up to investigate the Mars programme failures, was that his
team was unable to find a definition of the FBC philosophy. The Young
panel's report stated that while FBC encouraged the taking of risks, NASA
failed to define what a prudent risk might be. This allowed the levels
of risk in the Mars programme to rise to unacceptable levels.
The causes of the Mars failures are remarkably similar to the state of affairs
that led up to the Challenger disaster in 1986. The accident occurred
when seals in the shuttle's booster rockets failed. But the real cause
lay deeper. Before the accident a number of engineers became worried about
the safety of the shuttle. There were vague suspicions of undefinable
problems, and engineers pointed out that the shuttle had not been tested
at the low temperatures that prevailed on the day.
The disaster investigation discovered that shuttle managers had broken
a fundamental rule of engineering. Every dictum of flight safety teaches
that safety must be positively established—and re-established if
conditions change. Yet despite the engineers' warnings, NASA managers
chose to cling to the assumption that the shuttle was safe, and challenged
the engineers to prove that it wasn't.
There is always a dynamic tension between engineers in aerospace projects
and their managers, many of whom are former engineers themselves. The
pressure to finish a project on time and within budget, the managers'
responsibility, must be balanced against the need to test the system thoroughly,
a task that falls to the engineer. In theory, tests can go on forever
as engineers find out how a spacecraft is affected by changes in temperature,
g-forces and radiation, to name only a few parameters. But at some point,
the decision to go ahead has to be taken, and in the Challenger disaster,
the pressure to launch had become so great that this balance was lost.
The Young report pointed out that the pressures on the managers of the
Mars programme were huge since there is a relatively small launch window
for missions to Mars and these occur only once every 26 months. The report
stated that when the goals of the project, its budget and its launch date
are all fixed, the only option for managers when things start going wrong
is to accept more risk. In practice, accepting more risk means carrying
out fewer tests so that mistakes are more likely to slip through.
The Mars craft's failure occurred because the craft's manufacturers, the
aerospace company Lockheed Martin, provided NASA with reference material
for the vehicle's navigation system using imperial units instead of metric
units, as NASA had requested. But investigators have suggested that even
after these mistakes had been made, the mission could have been saved
if the Mars Climate Orbiter team had taken more notice of warning signs
that the vehicle was off-course during its journey. Navigators' worries
about the spacecraft's trajectory were not taken seriously. The managers
assumed all was well unless it could be proven otherwise, just as in the
Challenger case. Afterwards, management even blamed the navigators for
not properly documenting their concerns.
Roger Boisjoly, a former space shuttle engineer whose intuition warned
him against approving the launch of Challenger on that tragic January
morning, is now an independent engineering consultant in Nevada. The flawed
decisions that doomed the Mars Climate Orbiter probe did not surprise
him at all, he told New Scientist. "I have known since the Challenger
disaster that nothing of substance has changed at NASA concerning their
management philosophy," he says. The devastating implication of Boisjoly's
criticisms is that other NASA programmes might be suffering similar problems
to the Mars missions.
Some former NASA space managers have said they have been warning NASA
about problems with FBC for years but have been ignored. Donna Shirley
worked on the highly successful Mars Pathfinder mission and became the
first project manager for the Mars Polar Lander. But after thirty years
in the space business, she chose to retire rather than see the project
through to its conclusion.
Her departure was a direct result of NASA not responding to her concerns.
"They kept adding to the project and not putting more money into
it," says Shirley, who is now assistant dean of engineering at the
University of Oklahoma. "I couldn't persuade them that they were
going too far with 'better, faster, cheaper'," she says. "I
told them everything was going to fail." Shirley says that her resources
were spread too thinly. "There was no one to check and double-check,
and when you have complicated and complex missions you are going to make
mistakes that need catching."
The Young report, however, puts the blame elsewhere. It points out that
the combined cost of the two failed missions was less than the price of
the successful Mars Pathfinder project, even though these missions were
more ambitious. "It was underfunded by at least 30 per cent,"
says the report, a huge margin in aerospace terms. One consequence of
this underfunding was that the teams did not test their spacecraft effectively,
as Shirley had predicted. In particular, the report says the two microprobes
carried by the Polar Lander had not been tested properly and were not
ready to be launched.
Young and his team also pointed out that NASA did not have enough experienced
scientists and engineers capable of managing the dramatically increased
number of space missions it was planning. The lack of experienced supervision
was a serious contributing factor in the failures, says Young.
Throughout the 1990s, the American space industry suffered continual cutbacks
and the decline in government aerospace budgets led to the number of workers
being halved. The most expensive workers tend to be older and more experienced,
and they have been the primary target of cost-conscious lay-offs. Since
the fourth quarter of 1992, more than 4500 scientists and engineers have
left NASA, of whom only 1000 were younger than 40.
Other experts agree. When a board appointed by the White House to investigate
a number of recent launch accidents released its report early last December,
it said that the main causes were connected with engineering and fabrication
flaws during the assembly of the boosters. This stemmed from a lack of
adequate management attention, possibly caused by the loss of the most
experienced employees to retirement, lay-offs and higher salaries elsewhere.
"We have started seeing the results of the cutbacks in the knowledge
of the people and the morale, particularly down at the Cape," says
Seymour Himmel, a retired NASA official and an aerospace expert who was
a member of the White House panel.
After the release of the Young report, Goldin stood up and shouldered
the blame. He admitted pushing the FBC philosophy too hard and said it
was time to rethink. NASA has now cancelled all but one of its planned
flights to Mars. The question now is whether this will be enough. The
gradual loss of expertise and reduced budgets influence every aspect of
NASA's work, not just the Mars programme. The biggest fear is that other
projects are now likely to fail.
Worrying signs that this might just be the case can be seen in another
of Goldin's projects, which is to come up with a cheaper and better way
of getting into space. This year, NASA had planned to fly a prototype
reusable rocket called the X-33, costing $1 billion to design and build.
Late last year, however, the project suffered a major setback when a prototype
carbon-fibre fuel tank broke during routine tests (New Scientist, 20 November
1999 p 12). Critics say that the design was too ambitious and that NASA
should have realised it was taking on too much risk. It's a story that
now sounds remarkably familiar. Nobody now knows when the X-33 will fly.
And that's not all. Earlier this year, workers at the Marshall Space Flight
Center in Alabama accidentally threw away parts of the International Space
Station worth almost $1 million. And last year, after one of the NASA
space shuttles suffered a potentially serious short circuit during a mission,
the entire fleet had to be rewired. The problem turned out to be wires
broken by workers placing access platforms on top of them and even treading
on them during routine maintenance. All of these problems could easily
have been avoided.
NASA has shown in the past that it knows how to do all these things well.
The cost of forgetting is now measured in hundreds of millions of dollars,
years of delay and public humiliation. So far, no more human lives have
been lost, but the question NASA must answer is whether this will continue.
James Oberg is a space writer and a former spaceflight engineer