SPACE SHUTTLE CHALLENGER DISASTER
(Rogers Commission Report)
The Rogers Commission Report was written by a Presidential Commission charged with investigating the Space Shuttle Challenger disaster during its 10th mission, STS-51-L. The report, released and submitted to President Ronald Reagan on 9 June 1986, both determined the cause of the disaster that took place 73 seconds after liftoff, and urged NASA to improve and install new safety features on the shuttles and in its organizational handling of future missions.
The commission found that the immediate cause of the Challenger accident was a failure in the O-rings sealing the aft field joint on the right solid rocket booster, causing pressurized hot gases and eventually flame to “blow by” the O-ring and contact the adjacent external tank, causing structural failure. The failure of the O-rings was attributed to a design flaw, as their performance could be too easily compromised by factors including the low temperature on the day of launch.
“An accident rooted in history”
More broadly, the report also determined the contributing causes of the accident. Most salient was the failure of both NASA and its contractor, Morton Thiokol, to respond adequately to the design flaw. The Commission found that as early as 1977, NASA managers had not only known about the flawed O-ring, but that it had the potential for catastrophe. This led the Rogers Commission to conclude that the Challenger disaster was “an accident rooted in history”.
Flawed launch decision
The report also strongly criticized the decision making process that led to the launch of Challenger, saying that it was seriously flawed. Morton Thiokol called a meeting the night before the launch to raise concerns over the forecast temperature in regards to the O-Rings. During the meeting, Morton Thiokol’s engineers issued a recommendation “not to launch below 53F”, the previous lowest temperature of a launch (STS-51C, a year earlier). The NASA managers challenged this and after a 30 minute offline caucus, Morton Thiokol’s senior management overruled their engineers decision and gave the launch the go ahead. The concerns were not communicated beyond the Level III Flight Readiness Review (FRR). It is certain that even though members of higher FRR teams knew about the issues, there were plenty of members who could have stopped the launch but decided not to. This was done in large part because of the management structure at NASA and the lack of major checks and balances, which proved to be fatal in this scenario. The report concluded that:
… failures in communication … resulted in a decision to launch 51-L based on incomplete and sometimes misleading information, a conflict between engineering data and management judgments, and a NASA management structure that permitted internal flight safety problems to bypass key Shuttle managers.
Role of Richard Feynman
One of the commission’s best-known members was theoretical physicist Richard Feynman. His style of investigating with his own direct methods rather than following the commission schedule put him at odds with Rogers, who once commented, “Feynman is becoming a real pain.” During a televised hearing, Feynman famously demonstrated how the O-rings became less resilient and subject to seal failures at ice-cold temperatures by immersing a sample of the material in a glass of ice water. Feynman’s own investigation reveals a disconnect between NASA’s engineers and executives that was far more striking than he expected. His interviews of NASA’s high-ranking managers revealed startling misunderstandings of elementary concepts. One such concept was the determination of a safety factor.
In one example, early tests resulted in some of the booster rocket’s O-rings burning a third of the way through. These O-rings provided the gas-tight seal needed between the vertically stacked cylindrical sections that made up the solid fuel booster. NASA managers recorded this result as demonstrating that the O-rings had a “safety factor” of 3. Feynman incredulously explains the magnitude of this error: A “safety factor” refers to the practice of building an object to be capable of withstanding more force than the force to which it will conceivably be subjected. To paraphrase Feynman’s example, if engineers built a bridge that could bear 3,000 pounds without any damage, even though it was never expected to bear more than 1,000 pounds in practice, the safety factor would be 3. If a 1,000-pound truck drove across the bridge and a crack appeared in a beam, even just a third of the way through a beam, the safety factor is now zero: The bridge is defective, there was no safety factor at all even though the bridge did not actually collapse.
Feynman was clearly disturbed by the fact that NASA management not only misunderstood this concept, but inverted it by using a term denoting an extra level of safety to describe a part that was actually defective and unsafe. Feynman continued to investigate the lack of communication between NASA’s management and its engineers, and was struck by management’s claim that the risk of catastrophic malfunction on the shuttle was 1 in 105, i.e. 1 in 100,000. Feynman immediately realized that this claim was risible on its face; as he described, this assessment of risk would entail that NASA could expect to launch a shuttle every day for the next 274 years while suffering, on average, only one accident. Investigating the claim further, Feynman discovered that the 1 in 105 figure was stating what they claimed the failure rate ought to be, given that it was a manned vehicle, and working backward to generate the failure rate of components.
Feynman was disturbed by two aspects of this practice. First, NASA management assigned a probability of failure to each individual bolt, sometimes claiming a probability of 1 in 108, i.e. one in one hundred million. Feynman pointed out that it is impossible to calculate such a remote possibility with any scientific rigor. Secondly, Feynman was bothered not just by this sloppy science but by the fact that NASA claimed that the risk of catastrophic failure was “necessarily” 1 in 105. As the figure itself was beyond belief, Feynman questioned exactly what “necessarily” meant in this context, whether it meant that the figure followed logically from other calculations or that it reflected NASA management’s desire to make the numbers fit.
Feynman suspected that the 1 in 105 figure was wildly fantastical, and made a rough estimate that the true likelihood of shuttle disaster was closer to 1 in 100. He then decided to poll the engineers themselves, asking them to write down an anonymous estimate of the odds of shuttle explosion. Feynman found that the bulk of the engineers’ estimates fell between 1 in 50 and 1 in 200 (at the time of retirement, the Shuttle suffered two catastrophic failures across 135 flights, for a failure rate of 1 in 67.5). Not only did this confirm that NASA management had clearly failed to communicate with their own engineers, but the disparity engaged Feynman’s emotions. When describing these wildly differing estimates, Feynman briefly lapses from his damaging but dispassionate detailing of NASA’s flaws to recognize the moral failing that resulted from a scientific failing: he was upset NASA presented its fantastical figures as fact to convince a member of the public, schoolteacher Christa McAuliffe, to join the crew. Feynman was not uncomfortable with the concept of a 1⁄100 risk factor, but felt strongly that the recruitment of laypeople required an honest portrayal of the true risk involved.
Feynman’s investigation eventually suggested to him that the cause of the Challenger disaster was the very part to which NASA management so mistakenly assigned a safety factor. The O-rings were rubber rings designed to form a seal in the shuttle’s solid rocket boosters, preventing the rockets’ hot gas from escaping and damaging other parts of the vehicle. Feynman suspected that despite NASA’s claims, the O-rings were unsuitable at low temperatures and lost their resilience when cold, thus failing to maintain a tight seal when rocket pressure distorted the structure of the solid fuel booster. Feynman’s suspicions were corroborated by General Kutyna, also on the commission, who cunningly provided Feynman with a broad hint by asking about the effect of cold on O-ring seals after mentioning that the temperature on the day of the launch was far lower than had been the case with previous launches: below freezing at 28 to 29 °F (−2.2 to −1.7 °C); previously, the coldest launch had been at 53 °F (12 °C). In 2013, the BBC film The Challenger revealed that the O-Ring insight had in fact come to Kutyna from the astronaut and fellow commission member Sally Ride, who had secretly provided him with NASA test results showing the O-rings became stiff when they were too cold.
Feynman’s investigations also revealed that there had been many serious doubts raised about the O-ring seals by engineers at Morton Thiokol, which made the solid fuel boosters, but communication failures had led to their concerns being ignored by NASA management. He found similar failures in procedure in many other areas at NASA, but singled out its software development for praise due to its rigorous and highly effective quality control procedures – then under threat from NASA management, which wished to reduce testing to save money given that the tests had always been passed.
Based on his experiences with NASA’s management and engineers, Feynman concluded that the serious deficiencies in NASA management’s scientific understanding, the lack of communication between the two camps, and the gross misrepresentation of the Shuttle’s dangers, required that NASA take a hiatus from Shuttle launches until it could resolve its internal inconsistencies and present an honest picture of the shuttle’s reliability. Feynman soon found that, while he respected the intellects of his fellow Commission members, they universally finished their criticisms of NASA with clear affirmations that the Challenger disaster should be addressed by NASA internally, but that there was no need for NASA to suspend its operations or to receive less funding. Feynman felt that the Commission’s conclusions misrepresented its findings, and he could not in good conscience recommend that such a deeply flawed organization as NASA should continue without a suspension of operations and a major overhaul. His fellow commission members were alarmed by Feynman’s dissent, and it was only after much petitioning that Feynman’s minority report was included at all. Feynman was so critical of flaws in NASA’s “safety culture” that he threatened to remove his name from the report unless it included his personal observations on the reliability of the shuttle, which appeared as Appendix F. In the appendix, he stated:
It appears that there are enormous differences of opinion as to the probability of a failure with loss of vehicle and of human life. The estimates range from roughly 1 in 100 to 1 in 100,000. The higher figures come from the working engineers, and the very low figures from management. What are the causes and consequences of this lack of agreement? Since 1 part in 100,000 would imply that one could put a Shuttle up each day for 300 years expecting to lose only one, we could properly ask “What is the cause of management’s fantastic faith in the machinery? … It would appear that, for whatever purpose, be it for internal or external consumption, the management of NASA exaggerates the reliability of its product, to the point of fantasy.
“For a successful technology,” Feynman concluded, “reality must take precedence over public relations, for nature cannot be fooled.”
Feynman later wrote about the investigation in his 1988 book What Do You Care What Other People Think?. The second half of the book covers the investigation and the issues between science and politics.
Feynman later reported that, although he had believed he was making discoveries about the problems at NASA on his own, he eventually realized that either NASA or contractor personnel, in an apparent effort to anonymously focus attention on these problem areas, had carefully led him to the evidence which would support the conclusions on which he would later report.
The Rogers Commission offered nine recommendations on improving safety in the space shuttle program, and NASA was directed by President Reagan to report back within thirty days as to how it planned to implement those recommendations. This is a summary of the chapter of Recommendations:
Design and Independent Oversight
Shuttle Management Structure, Astronauts in Management and Shuttle Safety Panel
Criticality Review and Hazard Analysis
Launch Abort and Crew Escape
In response to the commission’s recommendation, NASA initiated a total redesign of the space shuttle’s solid rocket boosters, which was watched over by an independent oversight group as stipulated by the commission. NASA’s contract with Morton Thiokol, the contractor responsible for the solid rocket boosters, included a clause stating that in the event of a failure leading to “loss of life or mission,” Thiokol would forfeit $10 million of its incentive fee and formally accept legal liability for the failure. After the Challenger accident, Thiokol agreed to “voluntarily accept” the monetary penalty in exchange for not being forced to accept liability.
NASA also created a new Office of Safety, Reliability and Quality Assurance, headed as the commission had specified by a NASA associate administrator who reported directly to the NASA administrator. George Rodney, formerly of Martin Marietta, was appointed to this position. Former Challenger flight director Jay Greene became chief of the Safety Division of the directorate.
The unrealistically optimistic launch schedule pursued by NASA had been criticized by the Rogers Commission as a possible contributing cause to the accident. After the accident, NASA attempted to aim at a more realistic shuttle flight rate: it added another orbiter, Endeavour, to the space shuttle fleet to replace Challenger, and it worked with the Department of Defense to put more satellites in orbit using expendable launch vehicles rather than the shuttle. In August 1986, President Reagan also announced that the shuttle would no longer carry commercial satellite payloads. After a 32-month hiatus, the next shuttle mission, STS-26, was launched on September 29, 1988.
After the Space Shuttle Columbia disaster in 2003, attention once again focused on the attitude of NASA management towards safety issues. The Columbia Accident Investigation Board (CAIB) concluded that NASA had failed to learn many of the lessons of Challenger. In particular, the agency had not set up a truly independent office for safety oversight; the CAIB felt that in this area, “NASA’s response to the Rogers Commission did not meet the Commission’s intent”. The CAIB believed that “the causes of the institutional failure responsible for Challenger have not been fixed,” saying that the same “flawed decision making process” that had resulted in the Challenger accident was responsible for Columbia’s destruction seventeen years later.