Wayne Hale’s Blog: Human Rating A Spacecraft
Recently you may have heard about former astronaut Scott Parazynski’s adventure to climb Mt. Everest. He carried a sliver of a moon rock from Apollo 11 with him, and then picked up a sliver of a rock from the top of the highest mountain in the world. These two rocks were encased in plastic, handed over to NASA, and flew aboard the space shuttle to be installed in the new Tranquility module of the International Space Station. All very inspiring and good.
Now for the rest of the story.
All items to fly aboard the shuttle and/or reside on the station have to go through a safety review process. One of NASA’s early and painful lessons was the Apollo 1 fire. Fire in space could clearly be catastrophic, and the oxygen content of the atmosphere of both the shuttle and the station has some variability and can be higher than normal earth atmospheric oxygen content. It turns out that the plastic which the two rocks were encased in has bad properties in a fire situation. To their credit, the new NASA safety organization attitude is no longer “No because” but “Yes if”. The memento could be flown and displayed on the ISS if it were encased in another transparent, fire safe material. If you see it today on the ISS, the rocks are doubly enclosed, once in bad plastic, and over that a layer of good polymer.
Now, is this bureaucratic overkill? Would you have fire safety disregarded? How would you handle this situation if you were in charge? Just take the risk? Or do the bureaucratic thing and apply another layer of safety? Careful with your answer. I’ve had to face crewmembers’ families after their loved one perished. That experience makes you think very hard about these kinds of decisions.
There is a debate going on about human rating spacecraft – making them safe enough for people to fly on. It is really a debate about safety and how much NASA will be involved in ensuring that commercial providers of space transportation services are safe. There has been a lot said about human rating space vehicles lately, much of it confusing. Read NASA’s requirements document for yourself at this location: http://nodis3.gsfc.nasa.gov/displayDir.cfm?t=NPR&c=8705&s=2B
Even if you read it thoroughly you will not understand what is really being said unless you understand the context and the NASA culture in which it resides. Just reading the document without understanding the organization will lead you to wildly erroneous conclusions. Let me try to put this document in perspective and plain language.
The first conclusion is that this document was obviously written for a government-run program in the style of Shuttle or Station. The underlying assumption is that the NASA Program Manager makes the decisions within the framework of the NASA management structure. So to apply this document to commercial human spaceflight will take a re-writing. In fact, a committee is already working on a new version which would apply to vehicles on which NASA might buy seats.
The second conclusion is illustrated by the drawing on page 2.
So the Human Rating Requirements NPR 8705.2B is only a small selection of the standards and processes that go into human rating a spacecraft. As the document says early on . . . complex space hardware requires all missions to meet high standards . . . This NPR is to define and implement additional processes . . . necessary to human-rate space systems . . . this NPR is linked to, and depends upon, many of the requirements . . . contained in other NASA directives.
Are you getting the picture?
When I was shuttle program manager, I asked how many standards were levied on the shuttle program. The answer was in excess of 40,000. How can that be, you might ask. Easily, I would reply. There are all kinds of standards: welding standards, parts standards, cleanliness standards, fracture control standards, vibration standards, EMI standards, wiring standards, mil standards and mil specs, software design and testing standards, and on and on and on.
For a short list of some NASA technical standards, all of which are likely to be applied to commercial human spaceflight, visit this page: http://standards.nasa.gov/documents/nasa
But wait, that’s not all! Each of these documents requires the use of more reference standards. Let me give you an example of further standards referenced from a NASA parent standard; this from a recent presentation:
NASA-STD-4003 September 8, 2003 Electrical Bonding for NASA Launch Vehicles, Spacecraft, Payloads, and Flight Equipment (25 pages)
+ Mil C-5541, Rev E 11/30/1990 Military Specification, Chemical Conversion Coatings on Aluminum and Aluminum Alloys
+ SAE-AMS-M-3171 4/01/1998 Magnesium Alloy, Processes for Pretreatment and Prevention of Corrosion on
+ SAE-ARP-5412 11/1/1999 Aircraft Lightning Environment and Related Test Waveforms
That is a short standard with a short subsidiary list. Remember that if your electrical equipment is not well bonded (grounded), you are likely to have a serious problem. This is precisely an example of the care and expertise that goes into aerospace vehicles to make them successful and safe. Norm Augustine’s book declares the $5000 dollar electronic component will always fail so as to protect the 50 cent fuse (Electronics boxes were cheaper in his day). Even better to remember is Michelangelo’s famous dictum: “Trifles make perfection, but perfection is no trifle.”
There are a variety of standards available in the world, and I was very un-amused one day to be drawn into a debate by two technical warrant holders over which welding standard was superior: the ANSI or the ASME. The ISS organization has cheerfully adopted European or Japanese standards for the components built overseas. But whether the spacecraft was built in the USA or overseas, at every step in the design, testing, and production of a space vehicle, there is some NASA organization or person who has been invested with the power to enforce those standards.
Armchair authorities like to discuss the big ticket items in the Human Ratings Requirements: redundancy requirements for fault tolerance, or minimum factor of safety for structures as examples. Real rocket builders know that while those are important, the real key to safety and success is very much more affected by the quality of parts and myriad individual steps in workmanship of the end product. These are measured against thousands of individual checks against the appropriate standard. So you must realize the vast majority of standards and requirements do not show up in the NPR 8705.2B Human Ratings Requirements document; they must be searched out in a hundred subordinate documents.
A third observation can also be made very early in the document. NASA has technical authorities for safety, engineering, health/medical, and crew. Following the Columbia Accident Investigation Board recommendations, the agency was reorganized so that the technical authorities do not work for the program but maintain independence to ensure that NASA programs are executed safely. In fact, if a technical authority disagrees with the program manager, it is the program manager who must comply or appeal to a higher authority. This is designed to ensure that cost and schedule pressures do not lead to unsafe decisions.
Transparency in government: the NASA governance model can be read at: http://nodis3.gsfc.nasa.gov/npg_img/N_PD_1000_000A_/N_PD_1000_000A_.pdf
Here is an interesting and operative paragraph:
3.4.2.1.4 Authority Roles Regarding Risk. Decisions related to technical and operational matters involving safety and mission success risk require formal concurrence by the cognizant Technical Authorities (Engineering, Safety and Mission Assurance, and Health and Medical). This concurrence is based on the technical merits of the case and includes agreement that the risk is acceptable. For matters involving human safety risk, the actual risk taker(s) (or official spokesperson[s] and his/her/their supervisory chain) must formally consent to taking the risk; and the responsible program, project, or operations manager must formally accept the risk.
What does that mean in plain language? Basically the builder must comply with what the independent technical expert requires.
I can remember one shuttle issue with the agency tribology expert (that’s lubrication to most folks). The technical expert would not budge a millimeter (0.254 inch) in requiring servicing of a part almost inaccessible deep in the bowels of the orbiter. The agency technical experts have absolutely no incentive to back off on their standards. They are independent of the program. They are not concerned with cost or schedule, only with compliance. Compliance brings about safety; why would we want them to do anything less?
How will that fit with a lean, entrepreneurial commercial organization with a profit/loss bottom line? Heck if I know.
So on about the fourth page of the Human Ratings Requirements document you can read that before work starts on a spacecraft design, a meeting is convened of the technical authorities to tell the program manager what standards and specifications the new vehicle will have to meet.
Don’t forget the legend that is stamped on the top of the front page: “Compliance is Mandatory”
That’s probably enough for an overview. We may visit the in-depth requirements on another day.
Remember that the requirements document for commercial services is being written and the NASA governance model can change at any time. So this discussion serves as a background of where we are today and where we have been, not necessarily where we are going to go in the future.
My takeaway?
The agency tried really hard to be as safe as possible and we still had the Apollo 1 fire, close calls on several lunar missions, the most famous of which was Apollo 13, and we lost Challenger and Columbia. In spite of our best intentions and best efforts.
I’ll quote myself from my blog post Sine Non Qua on Sept. 11, 2009:
Six years after the loss of Columbia, I’m not sure that we can make a spacecraft safe, but I have empirical evidence that proves beyond a shadow of a doubt that we can make it expensive.