How Un-NASA-Like

I’ve expressed strong opinions (i.e., ranted) about NASA’s decision to retire the Space Shuttle fleet before there was a replacement ready. As in, more than five years before there was a replacement ready. The short version is that I understand that the Shuttle was seen as being too expensive and not safe enough (both contentions about which I have further strong opinions, but this is supposed to be the short version) and it needed to be replaced — I simply think it was a huge error to leave a five-year (or longer) gap in the ability to fly US astronauts on US spacecraft.

Now, with the situation in Ukraine, we’ve imposed sanctions, Russia is digging in its heels, and there are veiled and not-so-veiled threats about the future of the Russian commitment to carry American, Canadian, European, and Japanese astronauts to ISS. There are also threats that the Russians will abandon the ISS in 2020, while the US and its partners have been talking about extending its use to 2024 or even beyond. Finally, several US launch vehicles (Antares and Atlas V, among others) use Russian-manufactured engines, which will now be limited in supply or completely unavailable.

In thinking about this today, it finally struck me how incongruous this all is for NASA when you look at the big picture. (I’m sure I’m not the first person to think of this, but I don’t remember seeing it anywhere else.)

Simply put, with very, very few exceptions, when NASA designs a system or spacecraft, there are ALWAYS multiple redundant backup systems. You can count on one hand the number of systems on the ISS or on the Shuttle or any of the moon missions that didn’t have some sort of backup if the primary system failed.

Furthermore, the more important the system, the more backup systems. Look at the electrical system or the cooling system on ISS. They’ve had failures, a couple of which in the last year have been urgent enough to require unscheduled EVAs (space walks) to replace broken hardware, but in each case there was a backup system that kicked in, and usually a third backup in case that failed. The reason for the unscheduled EVAs wasn’t that there was no backup; it was that flight rules require multiple backup systems.

Remember Apollo 13? There were backup systems when the oxygen tank blew up, the Lunar Module was the backup system for life support and thrust and navigation, and when they ran out of backup systems they started making them up out of duct tape and cardboard!

The Shuttle had one major critical system that had no backup system, at least at first. The heat tiles had to work for re-entry, and when they were damaged, Columbia and her crew paid the price. BUT, after a two and a half year shutdown, there were backup procedures developed and put into place, including post-launch inspections of the thermal protection system, inspections again before docking at ISS, inspections a third time before re-entry, and a plan for sheltering at ISS or being rescued on-orbit if critical damage was found.

As for launch, there were phases of the launch that had no backup procedure in an emergency, but the Challenger accident wasn’t a result of any of those. It was a result of complacency, miscommunication, and carelessness. Once the Shuttle got just a little higher and faster in the launch, there were procedures to separate early, if necessary, from either the Solid Rocket Boosters (SRBs) or the main tank and the SRBs, and fly the Shuttle back to land at Kennedy Space Center. If they were even higher and faster, they could separate early and fly to a landing in Europe or Africa. They never had to test those backups (which was probably good, since I heard a talk by one of the pilots early in the program that described the maneuvers for a return to KSC as “pretty hairy”), but there were plans and procedures. It was only in the first two minutes or so of launch that it was all or nothing.

Oxygen generation? Multiple backup systems. CO2 scrubbing? Multiple backup systems. Ammonia leak? Computer failure? Depressurization? Electrical? Power generation? All have multiple backup systems and procedures.

Everything has a backup system: the more critical the system, the more critical it is that it have at least one, and preferably multiple, backup systems.

Simple concept. Good idea. Excellent design philosophy.

Step back for a moment and look at the forest instead of the trees.

Why is there no backup procedure, plan, or system for getting astronauts to or from ISS if the Russians can’t or won’t take them on a Soyuz?

What if the Soyuz has a launch failure and the launch fleet is grounded? What if there are manufacturing, labor, or other issues with the factories in Russia? What if Russia and the US get into a spat over, say, Ukraine, and they won’t sell us seats any more?

With a long-standing design philosophy of avoiding wherever possible letting there be a “single point of failure,” didn’t anyone at NASA see that by putting the Shuttles in museums they were deliberately building a huge single point of failure into an absolutely critical aspect of the program?

I’m sorry, I just can’t see how that one fell through the cracks.

It looks to me like the Bush administration, the Obama administration, Congress, and multiple NASA administrations all turned a blind eye to the number one rule that they had learned in fifty years of manned spaceflight. They broke that rule and gambled that they could get away with it.

Maybe they will. The Russians haven’t actually stopped carrying our astronauts; they’ve just done some saber-rattling. Maybe the Ukraine crisis will blow over. Maybe Putin will mellow out and pull his troops back.

Or maybe we should just be praying that Elon Musk and SpaceX are smarter, faster, more aggressive, and more forward-thinking than anyone is at NASA, Congress, or the White House. If things deteriorate in Ukraine, it may be up to them to save our bacon.
