IMPLEMENTATION of the RECOMMENDATIONS

of the Presidential Commission on the Space Shuttle Challenger Accident

 

EXECUTIVE SUMMARY

 

[1] Overview

In the year since the Presidential Commission made its report on the Space Shuttle Challenger accident, NASA has prosecuted an intensive, across-the-board effort dedicated to returning to safe, reliable space flight. This recovery activity has three key aspects: the technical engineering changes being selected and implemented; the new procedures, safeguards, and internal communication processes that have been or are being put in place; and the changes in personnel, organizations, and attitudes that have come about.

The design of the solid rocket motor has been changed. The new design eliminates the weakness that led to the accident and allows incorporation of a number of desirable improvements as well. The new rocket motors will be tested in a series of full-scale firings before the next Shuttle flight.

Every element of the Shuttle system has been reviewed, and improved hardware and software are being added to enhance safety. For example, the landing system is being improved, the main liquid-fueled engines are being modified to provide additional operating margin, and many other technical improvements to both flight and ground systems are being developed, tested, and incorporated into the overall National Space Transportation System.

Significant new procedures are being implemented to provide independent safety, reliability, maintainability, and quality assurance functions. A completely new organization, reporting directly to the NASA Administrator, now provides independent oversight of all critical flight safety matters. The new office contributes directly to the solution of technical problems by working with the responsible program organization but retains its separate identity as final arbiter of safety and related matters.

Sweeping personnel and organizational changes begun immediately after the accident are now complete. A new, streamlined management team has been put in place at NASA Headquarters, with new people well down within the field centers. Special attention is being given to the critical issues of management isolation and the tendency toward technical complacency, which, combined with schedule pressure, led to an erosion in flight safety. It is imperative that return to safe, reliable space flight be accompanied by an intensified awareness that no space flight is without risk, and that NASA's responsibility is to control and contain that risk without claiming its elimination. This philosophy of space flight operations is the controlling one in today's Space Shuttle Program.

[2] This status report on the implementation of the Presidential Commission recommendations records the successful steps taken and those yet to be taken before committing again to send Americans into space. The Presidential Commission investigating the accident issued a formal, in-depth report on June 6 1986, that grouped its findings and recommendations under nine headings; those same nine headings were used to organize the interim NASA response of June 13, 1986, and are faithfully repeated here, both in this summer: and in Part 1 of the full report. Virtually all of NASA's ongoing Shuttle recovery effort is described under the appropriate headings including work undertaken in addition to the Commission recommendations. For completeness, Part 2 of the report records a number of related NASA activities falling outside the scope of the nine recommendations but integral to the recovery effort.

 

RECOMMENDATION I

The Commission recommended that the design of the solid rocket motor be changed, that the testing of the new design reflect the operational environment, and that the National Research Council form a committee to provide technical oversight of the redesign effort.

NASA has performed a thorough evaluation of the solid rocket motor design. This effort, although centered on the rocket motor field joint, resulted in design changes to other components of the motor. The field joint has been redesigned to provide high confidence in its ability to seal under all operating conditions. The redesign includes a new tang capture latch that controls movement between the tang and clevis in the joint, a third O-ring seal, insulation design improvements, and an external heater with integral weather seals. The nozzle-to-case joint, the case parts, insulation, and seals have been redesigned to preclude seal leakage observed in prior flights.

The nozzle metal parts, ablative components, and seals have been redesigned to improve redundancy and to provide a capability for pressure verification of seals. Other nozzle modifications include improvements to the inlet, cowl/boot, and aft exit assemblies.

Modifications have been incorporated into the igniter case chamber and into the factory joints to improve their margins of safety. The igniter case chamber wall thickness is being increased. Additional internal insulation and an external weather seal have been added to the factory joint.

Ground support equipment has been redesigned to minimize case distortion during storage and handling, to improve case measurement and rounding techniques for assembly, and to improve leak testing capabilities.

Component laboratory tests, combined with subscale simulation tests and full-scale tests, are being conducted to meet verification requirements. Several small-scale and fullscale joint tests have been successfully completed to date, confirming insulation designs and joint deflection analyses. One engineering test, two developmental, and three qualification full-scale motor test firings will be completed before the next flight. The engineering test motor was fired on May 27, 1987, and early analysis of the data indicates that the test met its objectives.

The horizontal attitude was selected as the optimum position for static firing, and a second test stand, with capability to introduce dynamic loads at the external tank/solid rocket motor aft attach struts, is under construction and will support testing for first flight.

Improved nondestructive evaluation techniques are being developed, in conjunction with the Air Force, to perform ultrasonic inspection and mechanical testing of propellant and insulation bonding surfaces. Complete X-ray testing of all segments will be reinstated for near-term flights.

Contingency planning includes development of alternate designs, which do not utilize existing hardware, for the field and nozzle-to-case joints and for the rocket motor nozzle.

A National Research Council Solid Rocket Motor Independent Oversight Panel, chaired by Dr. H. Guyford Stever, former science advisor to President Nixon, reports directly to the NASA Administrator. The panel is actively reviewing the solid rocket motor design, verification analyses, and test planning and is participating in the major program reviews, including the preliminary requirements and the preliminary design [3] reviews. Three reports containing the panel observations and recommendations have been submitted to the Administrator. The recommendations have been carefully reviewed and appropriate actions have been taken by NASA.

Separate from the oversight panel and working directly with the solid rocket motor design team is a technical advisory group consisting of 12 senior engineers from NASA and the aerospace industry and a separate group of representatives from four major solid motor manufacturers. The advisory group reviews the redesign status and provides suggestions and recommendations to NASA and to Morton Thiokol, the design contractor.

The solid rocket motor manufacturers- Aerojet Strategic Propulsion Company; Atlantic Research Corporation; Hercules Incorporated; and United Technologies Corporation, Chemical Systems Division-were requested under special contracts to review and comment on the present design approach and to propose alternate approaches that they felt would enhance the design. As a result of these and other studies under way, NASA has initiated a definition study for a new advanced solid rocket motor.

 

RECOMMENDATIONS II AND V

The Commission recommended (II) that the Space Shuttle Program management structure be reviewed, that astronauts be encouraged to make the transition into management positions, and that a flight safety-panel be established.

The Commission recommended (V) that the tendency for management isolation be eliminated, that a policy on launch constraints be developed, and that critical launch readiness reviews be recorded.

In March 1986, the newly appointed Associate Administrator for Space Flight, former astronaut Rear Admiral Richard Truly, initiated a review of the Shuttle program management structure and communications. After the Commission report was issued, Captain Robert L. Crippen, a veteran of four Shuttle flights, was assigned responsibility for developing the response to Commission recommendations II and V. This effort resulted in the establishment of a Director, National Space

Transportation System (NSTS), reporting directly to the Associate Administrator for Space Flight, and other changes necessary to strengthen the Shuttle program management structure and improve lines of authority and communication.

The Director, NSTS, has two deputies: the Deputy Director, NSTS Program, a NASA Headquarters employee located at the Johnson Space Center (JSC), responsible for day-to-day management and execution of the NSTS program; and the Deputy Director, NSTS Operations, a headquarters employee located at the Kennedy Space Center (KSC), responsible for all operational aspects of the program.

The Director of the Shuttle Projects Office at Marshall Space Flight Center (MSFC) has been designated as a NASA Headquarters employee, reporting to the Deputy Director, NSTS Program, and is responsible for management and technical coordination of the MSFC project elements.

To ensure direct involvement in program activities, the Flight Crew Operations, Mission Operations, and Mission Support directorates at ]SC have been designated as NSTS project elements.

At KSC, Shuttle Operations and Engineering have been consolidated under the Director of STS Management and Operations, who is responsible for all Shuttle processing activities and reports to the Center Director. Other KSC organizational realignments have strengthened payload operations and safety, reliability, and quality assurance.

Substantive key personnel changes in the NASA leadership have occurred since the accident. NASA has a new Administrator, Deputy Administrator, and Associate Deputy Administrators for Policy and for Institutions; new associate administrators for Space Flight, for Space Station, for Science and Applications, for External Affairs, and for Safety, Reliability, Maintainability, and Quality Assurance; a new Center Director at KSC and at MSFC; and a new Director and Deputy Director at JSC.

At MSFC, several personnel changes have been made, including the Director of Shuttle Projects, Solid Rocket Booster Project Manager, and Director of Science and Engineering. Additional changes have been made within [4] these organizations to provide strong technical management and leadership.

The Office of Space Flight Management Council has been revitalized. This council, consisting of the Associate Administrator and the directors of JSC, KSC, MSFC, and National Space Technology Laboratories, meets on a regular basis to review program progress, major decisions and issues, and to provide the Associate Administrator with an independent assessment of program status. The Director, NSTS, and his organizational elements support the management council as required.

The flight readiness review and mission management team processes have been strengthened. The Director of Flight Crew Operations will participate in both of these activities and the flight crew commander, or a representative, will attend the flight readiness review. These meetings will be recorded, and formal minutes will be published.

Program management requirements and directives have been updated to ensure that clear, concise direction exists to implement the organizational changes, improve communication among involved program elements, and formalize the overall management of the NSTS Program.

The NSTS funding process has been revised, and the Director, NSTS, now has full control over program funding at the centers.

Since the accident, several current and former astronauts have been assigned to top management positions, including the Associate Administrator for Space Flight; Associate Administrator for External Affairs; Acting Assistant Administrator, Office of Exploration; Chief, Headquarters Operational Safety Branch; Deputy Director, NSTS Operations; JSC Deputy Center Director; Chairman of the Space Flight Safety Panel; and the former Chief of the Astronaut Office as Special Assistant to the JSC Director for Engineering, Operations, and Safety.

A Space Flight Safety Panel, chaired by astronaut Bryan O'Connor, has been established. The panel reports to the Associate Administrator for Safety, Reliability, Maintainability, and Quality Assurance. The panel's charter is to promote flight safety for all NASA space flight programs involving flight crews, including Space Shuttle and Space Station.

 

RECOMMENDATION III

The Commission recommended that the critical items and hazard analyses be reviewed to identify items requiring improvement prior to flight to I ensure safety and that the National Research

Council verify the adequacy of this effort. , Failure modes and effects analyses, critical I item lists, and hazard analyses are techniques used by the NSTS to identify the potential for failure of critical flight hardware; to determine I the effect of the failure on the crew, vehicle, or | mission; and to ensure that the criticality of the item is reflected in the program | documentation.

Several reviews were initiated by program management in March 1986 to reevaluate failure analyses of critical hardware items and hazards. These reviews are providing improved analyses and identifying hardware designs requiring improvement prior to flight to ensure mission success and enhance flight safety.

A review of critical items, failure modes and effects analyses, and hazard analyses for all Space Shuttle systems is well under way. Detailed instructions for preparation of these items were developed to ensure that common ground rules are applied to each project element analysis.

Each NASA element project office and its prime contractor are reviewing their systems to identify any areas in which the design does not meet program requirements; to verify the assigned criticality of items; to identify new items; and to update the documentation. The Astronaut Office and Mission Operations Directorate are participating in these reviews. A parallel review for each element is being conducted by an independent contractor. Upon completion of this effort, each element will submit those items that have failure modes which cannot meet full design objectives to the Program Requirements Control Board, chaired by the Director, NSTS. The board reviews the documentation, concurs in the proposed rationale for safely accepting the item, and issues a waiver to the design requirement, if appropriate.

[5] The National Research Council Committee on Shuttle Criticality Review and Hazard Analysis Audit, chaired by retired USAF General Alton Slay, reports directly to the NASA Administrator. It is responsible for verifying the adequacy of the proposed actions for returning the Space Shuttle to flight status. The committee has visited several Shuttle element prime contractors, JSC, KSC, and MSFC and has hosted a series of technical reviews in Washington, D.C.

In its interim report of January 13, 1987, the committee expressed concern that critical items are not adequately prioritized to highlight items that may be most significant. NASA is implementing a critical items prioritization system for the Shuttle program that is expected to alleviate the committee's concerns.

The committee is continuing its audit by examining the Shuttle risk management approach, including design qualification and flight certification criteria, launch commit criteria and waiver policy, structural margin analyses, software risk management, and the payload safety process. A final committee report is anticipated this year.

 

RECOMMENDATION IV

The Commission recommended that NASA establish an Office of Safety, Reliability, and Quality Assurance, reporting to the NASA Administrator, with responsibility for related functions in all NASA activities and programs.

The NASA Administrator established a new NASA Headquarters organization, the Office of Safety, Reliability, Maintainability, and Quality Assurance (SRM&QA), and appointed Mr. George Rodney as the Associate Administrator. The Operational Safety Branch of that office is headed by astronaut Fred Gregory. The new organization centralizes agency policy in its areas of responsibility, provides for NASA-wide standards and procedures, and establishes an independent reporting line to top management (up to the NASA Administrator, if required) for critical problem identification and analysis. The new office exercises functional management responsibility and authority over the related organizations at all NASA field centers and major contractors.

The new organization is participating actively and directly in specific NSTS activities such as the hardware redesign, failure modes and effects analysis, critical item identification, hazard analysis, risk assessment, and space flight system assurance. This approach allows the NSTS Program line management at headquarters and in the field to benefit, on a continuing basis, from the professional safety contributions of an independent office without interrupting the two different reporting lines to top management.

Additional safeguards have been added by both the line project management and the SRM&QA organization to ensure that there is free, open, rapid communication upward and downward within all agency activities responsible for safety of flight. Such robust multiple communication pathways should eliminate the possibility of serious issues not rising to the attention of senior management.

 

RECOMMENDATION VI

The Commission recommended that NASA take action to improve landing system safety margin and to determine the criteria under which planned landings at Kennedy would be acceptable.

NASA is improving the performance, reliability, and safety of the orbiter landing systems and providing additional capability at the various landing sites to reduce risks to crew and equipment during nominal and abort landings.

Several orbiter landing system modifications will be incorporated for the first flight. A tire pressure monitoring system will provide the crew and the Mission Control Center with tire pressure status before deorbit and landing. These data will contribute to the landing runway selection decisions and to overall safe operations. A thick-stator beryllium brake will increase brake energy margin. A change to the flow rates in the brake hydraulic system, a stiffer main gear axle, and a balanced brake pressure application feature will contribute to decreased brake wear upon landing and provide additional safety margin.

Tests at the Langley Research Center test track have defined tire cornering forces and wear characteristics. These data were used in [6] Ames Research Center simulations to verify landing system performance. Nose wheel steering system gains verified in the Ames simulations are being incorporated into the flight software. A proposed anti-skid system modification was verified by utilizing the flight antiskid equipment in the Ames simulations.

Several other changes are being evaluated to support longer-term upgrading of the landing system. A new structural carbon brake, with increased energy capacity, has been approved and will be available in 1989. A fail-operational/fail-safe nose wheel steering design, including redundant nose wheel hydraulics capability, is being reviewed by the Orbiter Project Office for later implementation.

The initial Shuttle flights are scheduled to land at the Edwards Air Force Base complex. Total understanding of landing performance data, successful resolution of significant landing system anomalies, and increased confidence in weather prediction capabilities are preconditions to resuming planned end-of-mission landings at the Kennedy Space Center.

 

RECOMMENDATION VII

The Commission recommended that NASA make every effort to increase the capability for an emergency runway landing following loss of two or three engines during early ascent and to provide a crew escape system for use during controlled gliding flight.

Launch and launch abort mode definition, flight and ground procedures, range safety, weather, flight and ground software, flight rules, and launch commit criteria have been reviewed. Changes resulting from this activity are being incorporated into the appropriate documentation, including ground operating procedures, and the on-board flight data file.

Abort trajectories, vehicle performance, weather requirements, abort site locations, support software, ground and on-board procedures, and abort decision criteria were reviewed to ensure that the requirements provide for maximum crew safety in the event an abort is required. The review resulted in three actions: the landing field at Ben Guerir, Morocco, was selected as an additional transatlantic abort landing site (landing sites avail able on the European and African continents); ground rules for managing nominal and abort performance were established and the ascent data base was validated and documented; and a permanent Launch Abort Panel was established to coordinate all operational and engineering aspects of ascent-phase contingencies.

The external tank range safety system i~ being reviewed by representatives from NASA and the Air Force. This review readdresses the issue of whether the range safety system is required to ensure propellant dispersal capability in the event of an abort during the critical first minutes of flight. The results of this analysis will be available in early 1988. Other aspects of the range safety process have been reviewed, and no unresolved issues were identified.

Flight rules (which define the response to specific vehicle anomalies that might occur during flight) are being reviewed and updated. The Flight Rules Document is being reformatted to include both the technical and operational rationale for each rule. The review process is validating the performance limits set for each system and the data source for those limits.

Launch commit criteria (which define responses to specific vehicle and ground support system anomalies that might occur during launch countdown) are being reviewed and updated. These criteria are being modified to include the technical and operational rationale and to document any procedural work-arounds that would allow the countdown to proceed in the event one of the criteria was violated.

Although a final decision to implement a Space Shuttle crew escape capability has not been made, the requirements for a system to provide crew egress during controlled gliding flight have been established. Requirements for safe egress of up to eight crew members were determined through a review of escape routes, time lines, escape scenarios, and proposed orbiter modifications.

The options for crew egress involve manual and powered extraction techniques. Design activities and wind tunnel assessments for each have been initiated. The manual egress design must ensure that the crew member [7] does not contact the vehicle immediately after exiting the crew module. Several approaches being assessed for reducing potential contact include a deployable side hatch tunnel that provides sufficient initial velocity to prevent crew/vehicle contact and an extendable rod and/or rope that places the crew release point in a region of safe exit. Both approaches provide for crew egress through the orbiter side hatch.

The powered extraction technique involves additional weight and crew compartment complexity and must be thoroughly evaluated to ensure that no safety hazards or additional risks would result from its implementation.

Development of a rocket-powered extraction capability for use in a crew egress/escape system has been authorized by the Director, NSTS. Crew escape would be initiated during controlled gliding flight at an altitude of 20,000 feet and a velocity of 200 miles per hour. The system consists of a jettisonable crew hatch (which has been approved for installation and is also applicable to the manual bail-out mode) and individual rockets to extract the crew from the vehicle before it reaches an altitude of 10,000 feet.

Ground egress procedures and support systems are being reviewed to determine their capability to ensure safe emergency evacuation from the orbiter at the pad or following a nonnominal landing. An egress slide, similar to that used on commercial aircraft, is being designed for use should an emergency escape be required after a runway landing.

A study has been initiated to evaluate the feasibility of future escape systems that would potentially expand the crew survival envelope to include first-stage (solid rocket boosters thrusting) flight. Study objectives include determination of system cues to indicate the I need for escape, methods of escape initiation, and escape system design.

In support of this overall study, NASA has requested the Naval Air Development Center to lead a team of industry and Government escape system engineers in performing a detailed study of ejection seat concepts to determine the feasibility of using them in the" orbiter. The NASA Langley Research Center is performing a similar study for a system to provide rocket extraction from seated positions.

 

RECOMMENDATION VIII

The Commission recommended that the nation not rely on a single launch vehicle capability for the future and that NASA establish a flight rate that is consistent with its resources.

Several major actions taken over the last year have reduced the overall requirements for NSTS launches and have provided for a mixed fleet of expendable launch vehicles and the Space Shuttle to ensure that the nation does not rely on a single launch vehicle for access to space.

Many of the Department of Defense (DOD) payloads previously scheduled on the NSTS can be launched on expendable launch vehicles. NASA and DOD have worked together to identify these payloads and to replan the overall launch strategy to reflect their launches on expendable launch vehicles.

The presidential decision to limit the use of the NSTS for launch of communication satellites to those with national security or foreign policy implications has resulted in many commercial communication satellites, previously scheduled for launch on the NSTS, being reassigned to commercial expendable launch vehicles. NASA has worked actively with the United States commercial launch vehicle industry and with the satellite owners and operators to ensure that this is an orderly transition.

The Office of Space Flight conducted a study to determine the NASA launch requirements that could be satisfied with a mixed fleet. This study determined that 25 percent of the NASA and the National Oceanic and Atmospheric Administration payloads currently scheduled on the NSTS could potentially be launched on expendable launch vehicles. NASA has developed the overall planning required to implement a mixed fleet, defined the required near- and far-term launch capability, and identified the number and type of launch vehicles necessary to satisfy the requirements.

[8] Each of these major actions will maximize the availability of the Shuttle for missions that require the unique capability provided by the vehicle and its crew.

In March 1986, Admiral Truly directed that a "bottoms-up" Shuttle flight rate capability assessment be conducted. To accomplish this, a flight rate capability working group was established. Representatives from each Shuttle program element that affects flight rate participated in this group.

Ground rules were developed to ensure that projected flight rates are realistic. These ground rules addressed such items as overall staffing of the work force, work shifts, overtime, crew training, and maintenance requirements for the orbiter, main engine, solid rocket motor, and other critical systems.

The group identified enhancements required in the Shuttle mission simulator, Orbiter Processing Facility, the Mission Control Center, and other areas such as training aircraft and provisioning of spares. With these enhancements and the replacement orbiter, NASA projects a maximum flight rate capability of 14 per year with four orbiters. This capacity, considering lead time constraints, "learning curves," and budget limitations, can be achieved no earlier than 1994.

The experience gained during flight rate buildup will be used to adjust future flight rate projections. This will further ensure that flight rates are realistically established and are not driven by other factors.

The manifesting and scheduling of payloads on the Shuttle will be constrained by and totally consistent with realistic flight rate projections as defined above.

Controls have been implemented to ensure that the Shuttle program elements are protected from pressures resulting from late manifest changes. While the manifest projects the payload assignments several years into the future, missions within 18 months of launch are placed under the control of a formal change process controlled by the Director, NSTS. Any manifest change not consistent with the defined capabilities of the Shuttle system will result in the rescheduling of the payload to another mission.

Two independent assessments of Shuttle flight rate capability have been made. The National Research Council published a report in October 1986, which states in part:

"With a 4-Orbiter fleet, the sustainable flight rate would be 11-13 per year with a surge rate of 15 flights per year only if appropriate ground support facilities are acquired.

"In order to sustain such rates and take account of possible contingencies, the Shuttle scheduling should be based upon the availability of fewer vehicles than are actually in the inventory by almost one Orbiter."

The other independent assessment was made by the Aerospace Safety Advisory Panel. At the conclusion of this study, the panel concurred with the National Research Council report.

 

RECOMMENDATION IX

The Commission recommended that NASA develop and execute a maintenance inspection plan, perform structural inspections when scheduled, and restore the maintenance and spare parts program.

NASA has updated the overall maintenance and flight readiness philosophy of the NSTS Program to ensure that it is a rigorous and prominent part of the safety-of-flight process.

A System Integrity Assurance Program has been developed that encompasses the overall maintenance strategy, procedures, and test requirements for each element of flight hardware and software to ensure that each item has been properly maintained and tested, and is ready for launch.

Major features of the program ensure design center cognizance and involvement in field center maintenance and operations activities and program management awareness of hardware status, work progress, and technical problems. The NSTS Program Office has the primary responsibility for defining and managing the maintenance safeguards activities; however, the system will provide data to the safety organization to support independent assessments.

The System Integrity Assurance Program Plan establishes requirements for formal [9] verification of vehicle configuration and maintenance activities and defines requirements for system reliability, supportability, and performance monitoring and trend analyses. Program-wide problem reporting and corrective action systems are being implemented for both flight and ground activities.

An information management system to enhance system analysis, verification of requirements, problem reporting, and management insight is being developed. Requirements for this system are being defined with participation from each program element and discipline.

NASA has alleviated the requirement for the routine removal of parts from one vehicle to supply another by expanding and accelerating various aspects of the NSTS logistics program. Procedures are being instituted to ensure that sufficient rationale is available to support any future requirement for such removal of parts and that a decision to remove them undergoes a formal review and approval process.

A vehicle checkout philosophy has been defined which ensures that systems remain within performance limits and that their design redundancy features function properly before each launch. Requirements have been established for identifying critical hardware items in the Operational Maintenance Requirements Specification Document (defines the work to be performed on the vehicle during each turnaround flow) and the Operations and Maintenance Instruction (procedures used in performing the work). These documents are being updated and must have design center concurrence prior to use.

 

RELATED RETURN-TO-FLIGHT ACTIONS

Several tasks are under way in support of the return-to-flight activities that are not directly related to the Commission recommendations. The Space Shuttle Flight and Ground System Specification and related documents have been updated. System design reviews have been held to identify modifications required to increase margins of safety. A design certification review, wet countdown demonstration test, and flight readiness firing will be conducted prior to flight. Continued astronaut and Mission Control Center training is maintaining flight proficiency as well as training new personnel. A new launch target date and flight crew for the first flight have been identified. These activities are discussed in Part 2 of this report.

 


[
10]

Space Shuttle Return to Flight- planned milestones from January 1986 to December 1988

Space Shuttle Return to Flight


link to the previous pagelink to the index pagelink to the next page