Tuesday, June 27, 2006

Discovery Launch: Hopes, Prayers, and Engineering Judgment

This morning, Tuesday, June 27, 2006, four days and some hours before the scheduled launch of NASA's Space Shuttle Discovery, the director of engineering at the Johnson Space Center, Charlie Camarda, was removed from the mission's management team. The Houston Chronicle reports that this reassignment, which Camarda says was against his will, took place after Camarda sent an email to colleagues supporting them for expressing their "dissenting opinions and your exceptions/constraints for flight." Ten days ago, in the June 17 flight readiness review meeting, NASA's head safety official Bryan O'Connor and Christopher Scolese, NASA's chief engineer, voted not to launch. Despite their opposition, NASA managers decided to proceed with the scheduled flight anyway. According to comments the two made after the meeting, their concerns were more that Discovery may suffer irreparable damage during the launch, not that the crew of seven astronauts is in more than the usual danger involved in a ride into space. Nevertheless, it's very clear from these and other reports that NASA is far from one big happy family these days.

Camarda's dismissal may have more to do with internal NASA politics than with shuttle safety. But the two cannot be separated. NASA maintains the shuttles, trains the astronauts, and decides when and how often to fly the remaining three orbiters: Atlantis, Discovery, and Endeavor. NASA head Michael Griffin has gone on record as saying that if Discovery is seriously damaged by pieces of insulating foam—the same problem that doomed Columbia in 2003—he would consider shutting down the entire shuttle program. That policy no doubt influenced the votes of O'Connor and Scolese, who feel that engineering modifications to foam on a number of support brackets should be made to prevent irreparable damage to Discovery's vital heat shield. Everyone agrees that if the kind of damage sustained by Columbia occurs, and is discovered in orbit, and can't be repaired, then the astronauts can take refuge in the International Space Station until a rescue flight can be arranged with one of the two remaining shuttles. This despite the fact that the Station has lately had trouble accommodating only two or three residents at a time. But being uncomfortable and cramped in weightlessness for a few weeks is better than a fiery death. You haven't seen a lot of news items about billionaires paying for rides into space lately, have you? Maybe there's a reason.

In my Mar. 21, 2006 blog, "Retire the Space Shuttle Now," I stated a number of good reasons that we should go straight to the next model of space orbiter without risking any more people's lives in antiquated, patched-up shuttles that deserve an honored place in the Smithsonian, not reuse in space long after their design lifetimes. The recent news out of NASA has only increased my concern that yet another known problem that we haven't heard about in public, but which the engineers are all too familiar with, will reach out and cause another hair-raising space adventure like Apollo 13's near-disaster, if not worse.

Unfortunately, the shuttle program has achieved canonical status in the engineering ethics literature for a couple of reasons. One is that NASA, being a public agency, is unusually open about its internal processes and debates, which means that records of data and decisions are easy to obtain. The second is that both the Challenger and Columbia disasters were caused by known problems that were technically fairly well understood. The failures were not mysterious scientific puzzles; they were failures in management decision-making.

In most well-run organizations, the chief safety officer is king in his or her limited domain. In an oil refinery, for instance, if the president and owner of the plant walks into a hazardous area and attempts to light a cigar, the lowliest safety official present is entirely within his rights to do anything necessary to prevent it, including knocking the president down. On June 17, we witnessed the spectacle of not only NASA's chief safety officer, but its chief engineer as well, say that for reasons of property protection, the launch should not proceed—and they were overruled. And Charles Camarda, an engineer who himself flew on the 2005 Discovery flight, the first one after the Columbia disaster, has just gotten sacked from his mission responsibilities for commending the way some of his underlings spoke out at the flight review. It is not a pretty picture.

In Greek mythology, a young woman named Cassandra had the misfortune to attract the eye of the god Apollo. In an attempt to put himself in her good graces, he gave her the gift of prophecy. But when she refused his advances, he ran up against the rule that says what the gods giveth, the gods can't taketh away. He couldn't keep her from being a prophet, but he could spoil it another way: he made sure that whatever Cassandra prophesied in the way of dire forecasts would not be believed by anybody else. So when she ran around in Troy saying, "You'll be sorry if you bring that big wooden horse in here," she warned the Trojans in vain, the Greeks popped out anyway, and Troy fell. This made Cassandra wish she had never seen Apollo in the first place. Since then her name has passed into the language to mean one whose accurate foretellings of disaster are ignored.

I don't want to be a NASA Cassandra. I have no illusions that one blogger, or even an entire Greek chorus of bloggers, will influence NASA's decision-making process. My hopes and my prayers are that STS-121 will go smoothly, with no headlines other than the routine ones. But we face three possible outcomes on this trip: a routine flight with no significant problems, a flight in which Discovery is damaged enough to scuttle the remaining Shuttle fleet, or a more serious problem that endangers life. May God grant that the third possibility doesn't happen. But I'm going to leave it up to Him as to which of the other two takes place.

