Houston, we have a problem
New Scientist vol 166 issue 2234 - 15 April 2000, page 26
A catalogue of lost spacecraft and human errors has left NASA with egg on its face. But how many other disasters are waiting to happen, asks James Oberg
THERE is a particularly treacherous type of accident which occasionally destroys aircraft that are working faultlessly. It is called "controlled flight into terrain", and it occurs when some sort of human error on the aircraft or on the ground causes it to fly into the dirt.
Last September an accident like this occurred on Mars. Space workers at NASA's Jet Propulsion Laboratory in Pasadena sent routine navigational commands to the Mars Climate Orbiter as it approached the red planet. But due to a series of human errors, the commands turned out to be wrong and the probe dipped low into the atmosphere instead of entering orbit. The spacecraft probably blew up, burned up or buried itself in the Martian soil; either way NASA never heard from it again. It was a classic "controlled flight into terrain" accident, but this time on another planet.
Only a few weeks later, in early December, NASA's Mars Polar Lander entered the Martian atmosphere. During the descent, the vehicle was supposed to release a pair of microprobes that would hit the surface, penetrate the soil, analyse it, and then broadcast the results. NASA never heard from the microprobes or the Polar Lander again. The best guess is that the Lander turned off its braking rockets too early and slammed into the Martian surface.
After the failures, rumours of incompetence swept through the space industry. NASA has since halted its Mars programme, and last month released the results of its investigation into the disaster. The report paints an ugly picture of an organisation stripped of core expertise after years of budget cuts and a leader pushing a poorly defined and overambitious goal.
Downward spiral
Most worrying of all is the possibility that NASA's problems could get worse. Critics say that a number of accidents, oversights and failures in other NASA programmes indicate that other parts of the organisation are stretched to breaking point. NASA, they say, is repeating the errors that led to the Challenger disaster. In that accident in January 1986, seven astronauts died when their space shuttle blew up on take-off. The consequences of a future accident could also be fatal.
At the heart of the controversy is NASA's attempt to work more efficiently and effectively with less money. The man who has steered NASA through this change is Dan Goldin, previously an engineer and manager with the US aerospace company TRW, who took over as head of the space agency in 1992. Goldin inherited an organisation still recovering from the Challenger disaster and suffering from low morale.
Goldin immediately identified an area for improvement. NASA spent too much on single missions and took too long to build them, he said, citing examples such as the $1 billion Galileo mission to Jupiter, which took more than a decade to design and build. Should a mission like this fail, Goldin argued, the loss is simply too great to bear.
As if to emphasise the point, in 1993 the $800 million Mars Observer spacecraft vanished without a trace as it was about to enter orbit around Mars. In future, said Goldin, NASA would spread the risk by building large numbers of smaller, cheaper spacecraft, so that losing one would be bearable. Goldin also argued that by working more efficiently, it would be possible to build better spacecraft, more quickly and for less money. He dubbed this the "faster, better, cheaper" philosophy.
The new approach led to a number of spectacular successes. In 1997, the Mars Pathfinder probe and its tiny rover generated worldwide interest for a cost of only $200 million. The Mars Global Surveyor, which has been in orbit around the Red Planet since 1997, cost about $250 million and continues to send back spectacular high-resolution images of the surface. But the two more recent disasters tell a different story. NASA did it cheaper and faster, says John Pike, space policy director for the Federation of American Scientists, but the result was worse, not better.
The FBC philosophy was widely criticised even before problems surfaced in NASA's Mars programme. Paul Pencikowski, a former "Top Gun" US Navy aviator and now a project manager for the Northrop Grumman aerospace corporation in California, has had more than 20 years of experience in aerospace technology development. In association with a management consulting group called FasterBetterCheaper.com, he recently published a report entitled "Faster, Better, Cheaper? A Critical View...." Pencikowski describes how the background of constant cost overruns in the aerospace industry created a demand for remedies. In the early 1980s, the phrase was "lightweight, low cost" and a few years later came "cost as an independent variable (CAIV)". "Following CAIV came literally dozens of platitudes-de-jour," Pencikowski says. "FBC is but the latest."
The FBC philosophy flies in the face of an old engineering proverb: "Faster, better, cheaper—choose two of the above." But for budget cutters, the notion that a smart enough engineer could have all three at once proved irresistible. Just how the new philosophy was supposed to be implemented was not so clear.
Uncalculated risks
One of the major problems highlighted by Thomas Young, chairman of the panel set up to investigate the Mars programme failures, was that his team was unable to find a definition of the FBC philosophy. The Young panel's report stated that while FBC encouraged the taking of risks, NASA failed to define what a prudent risk might be. This allowed the levels of risk in the Mars programme to rise to unacceptable levels.
The causes of the Mars failures are remarkably similar to the state of affairs that led up to the Challenger disaster in 1986. The accident occurred when seals in the shuttle's booster rockets failed. But the real cause lay deeper. Before the accident a number of engineers became worried about the safety of the shuttle. There were vague suspicions of undefinable problems, and engineers pointed out that the shuttle had not been tested at the low temperatures that prevailed on the day.
The disaster investigation discovered that shuttle managers had broken a fundamental rule of engineering. Every dictum of flight safety teaches that safety must be positively established—and re-established if conditions change. Yet despite the engineers' warnings, NASA managers chose to cling to the assumption that the shuttle was safe, and challenged the engineers to prove that it wasn't.
There is always a dynamic tension between engineers in aerospace projects and their managers, many of whom are former engineers themselves. The pressure to finish a project on time and within budget, the managers' responsibility, must be balanced against the need to test the system thoroughly, a task that falls to the engineer. In theory, tests can go on forever as engineers find out how a spacecraft is affected by changes in temperature, g-forces and radiation, to name only a few parameters. But at some point, the decision to go ahead has to be taken, and in the Challenger disaster, the pressure to launch had become so great that this balance was lost.
The Young report pointed out that the pressures on the managers of the Mars programme were huge since there is a relatively small launch window for missions to Mars and these occur only once every 26 months. The report stated that when the goals of the project, its budget and its launch date are all fixed, the only option for managers when things start going wrong is to accept more risk. In practice, accepting more risk means carrying out fewer tests so that mistakes are more likely to slip through.
The Mars craft's failure occurred because the craft's manufacturers, the aerospace company Lockheed Martin, provided NASA with reference material for the vehicle's navigation system using imperial units instead of metric units, as NASA had requested. But investigators have suggested that even after these mistakes had been made, the mission could have been saved if the Mars Climate Orbiter team had taken more notice of warning signs that the vehicle was off-course during its journey. Navigators' worries about the spacecraft's trajectory were not taken seriously. The managers assumed all was well unless it could be proven otherwise, just as in the Challenger case. Afterwards, management even blamed the navigators for not properly documenting their concerns.
Roger Boisjoly, a former space shuttle engineer whose intuition warned him against approving the launch of Challenger on that tragic January morning, is now an independent engineering consultant in Nevada. The flawed decisions that doomed the Mars Climate Orbiter probe did not surprise him at all, he told New Scientist. "I have known since the Challenger disaster that nothing of substance has changed at NASA concerning their management philosophy," he says. The devastating implication of Boisjoly's criticisms is that other NASA programmes might be suffering similar problems to the Mars missions.
Some former NASA space managers have said they have been warning NASA about problems with FBC for years but have been ignored. Donna Shirley worked on the highly successful Mars Pathfinder mission and became the first project manager for the Mars Polar Lander. But after thirty years in the space business, she chose to retire rather than see the project through to its conclusion.
Her departure was a direct result of NASA not responding to her concerns. "They kept adding to the project and not putting more money into it," says Shirley, who is now assistant dean of engineering at the University of Oklahoma. "I couldn't persuade them that they were going too far with 'better, faster, cheaper'," she says. "I told them everything was going to fail." Shirley says that her resources were spread too thinly. "There was no one to check and double-check, and when you have complicated and complex missions you are going to make mistakes that need catching."
The Young report, however, puts the blame elsewhere. It points out that the combined cost of the two failed missions was less than the price of the successful Mars Pathfinder project, even though these missions were more ambitious. "It was underfunded by at least 30 per cent," says the report, a huge margin in aerospace terms. One consequence of this underfunding was that the teams did not test their spacecraft effectively, as Shirley had predicted. In particular, the report says the two microprobes carried by the Polar Lander had not been tested properly and were not ready to be launched.
Young and his team also pointed out that NASA did not have enough experienced scientists and engineers capable of managing the dramatically increased number of space missions it was planning. The lack of experienced supervision was a serious contributing factor in the failures, says Young.
Throughout the 1990s, the American space industry suffered continual cutbacks and the decline in government aerospace budgets led to the number of workers being halved. The most expensive workers tend to be older and more experienced, and they have been the primary target of cost-conscious lay-offs. Since the fourth quarter of 1992, more than 4500 scientists and engineers have left NASA, of whom only 1000 were younger than 40.
Other experts agree. When a board appointed by the White House to investigate a number of recent launch accidents released its report early last December, it said that the main causes were connected with engineering and fabrication flaws during the assembly of the boosters. This stemmed from a lack of adequate management attention, possibly caused by the loss of the most experienced employees to retirement, lay-offs and higher salaries elsewhere. "We have started seeing the results of the cutbacks in the knowledge of the people and the morale, particularly down at the Cape," says Seymour Himmel, a retired NASA official and an aerospace expert who was a member of the White House panel.
After the release of the Young report, Goldin stood up and shouldered the blame. He admitted pushing the FBC philosophy too hard and said it was time to rethink. NASA has now cancelled all but one of its planned flights to Mars. The question now is whether this will be enough. The gradual loss of expertise and reduced budgets influence every aspect of NASA's work, not just the Mars programme. The biggest fear is that other projects are now likely to fail.
Worrying signs that this might just be the case can be seen in another of Goldin's projects, which is to come up with a cheaper and better way of getting into space. This year, NASA had planned to fly a prototype reusable rocket called the X-33, costing $1 billion to design and build.
Late last year, however, the project suffered a major setback when a prototype carbon-fibre fuel tank broke during routine tests (New Scientist, 20 November 1999 p 12). Critics say that the design was too ambitious and that NASA should have realised it was taking on too much risk. It's a story that now sounds remarkably familiar. Nobody now knows when the X-33 will fly.
And that's not all. Earlier this year, workers at the Marshall Space Flight Center in Alabama accidentally threw away parts of the International Space Station worth almost $1 million. And last year, after one of the NASA space shuttles suffered a potentially serious short circuit during a mission, the entire fleet had to be rewired. The problem turned out to be wires broken by workers placing access platforms on top of them and even treading on them during routine maintenance. All of these problems could easily have been avoided.
NASA has shown in the past that it knows how to do all these things well. The cost of forgetting is now measured in hundreds of millions of dollars, years of delay and public humiliation. So far, no more human lives have been lost but the question NASA must answer is whether this will continue.
James Oberg is a space writer and a former spaceflight engineer