SPACE SHUTTLECOLUMBIA DISASTEROn the 1st February 2003 A criticalsystems failure occurred on thespace shuttle Columbia (STS - 107) onits re – entry to the earth’satmosphere.This caused the disintegration of theshuttle leading to the death of allseven crew members. STS-107 flight insignia
INVESTIGATION INTO THE ACCIDENTAbove image shows the Columbia disintegrating over Texas
NASA’S INITIALINVESTIGATIONThe Columbia re-entry data showed that there was a loss oftemperature sensors and of hydraulic systems in the leftwing, indicating severe over heating. Image of shuttle taken during re-entry shows damage to the left wing’s leading edge
This initial data focused the investigation on the possibilityof a a foam strike. This is when foam from the shuttle’s largest component, the external tank, sheds and collides with other areas of the or shuttle during launch. External TankThe theory that is was a foam strikewas compounded by the fact thatfoam sheading was a know problemthat had damaged previous orbiters Columbia launch
FOCUS OFINVESTIGATIONThe investigation focused entirely on the technical causes ofthe accident. No formal model was used in the investigation. No attempted was made to investiigate the humanand organizational cause of the accident.
RESULT OFINVESTIGATIONIt was conclude that the damage wasdue to the foam sheading of the leastleft bi-pod ramp causing a breach in thereinforced carbon – carbon panels inthe left wing. Left bi-pod rampThe result of this was to retrainemployees at the assembly facility toapply foam without defects. THIS WAS THE INCORRECT CAUSE
Technical causes Root cause Shuttle Bi-pod Foam overheats damages left applied dues to RCC wing onincorrectly damage on launch re-entry
COLUMBIAN ACCIDENTINVESTIGATION BOARDThis was an independent investigation board. The boardanalyzed the accident in more robustly. Took into account technical cause, human cause and organizational cause. Investigation made use of effective modelingapproaches. Came to a different conclusion.(Board, Columbia Accident Investigation, 2003)
FOCUS OFINVESTIGATIONTechnicalCarried out test to confirm that foam could have causeddamage to the RCC panels on the left wing. Usedcompressed air gun to fire foam at wing leading edge.Conducted further research intothe fitting of the foam concludedthat due to the technical andorganizational controls in placethe fault could not have occurredthere. Compressed air gun used to fire the foam.
OrganizationalSeveral faults with NASA as an organization contributed tothe accident.NASA’s reluctance to curb operational ambition in line theirshirking budget meant that greater efficiency had to beachieved. This caused the schedule to be tightened; as aresult the workloads and the stress of the staff increased. NASA budget as percentage of federal budget
NASA was also found to have inadequate decision makingand risk-assessment processes.NASA management knew about the foam sheading problemfor over 22 years before the accident occurred. The failure to correct the problem was due to conflict interests of managing positions. The managers not only had to ensure safety but they also had to make sure the launch was on schedule and in budget.
MODELING USED INTHE INVESTIGATIONInvestigation used fault trees to model the accident. A graphical representation of all the events that could lead to a system failure.Each element in a fault tree represents a factor: technical,human or organizing that could cause the element immediatelyabove it to fail.This is ideal for modeling complex socio-technical systems, asyou can clearly see the chain of events that could lead to acatastrophic system failure.It is an effective tool for finding the correct chain of eventsthrough a process of elimination.
EXAMPLE FAULT TREE Simple fault tree for a fire breakout
RESULT OF INVESTIGATION Organizational Technical causes causes NASA Left foam bi- Management pod collides Nasa’s Shuttle over Shuttle failed to act with RCCbudget is cut heats disintegration on known panels on problem wing
ACADEMICLITERATUREStudying organisational cultures and their effects on safety(Hopkins, 2006)Beyond Normal Accidents and High Reliability Organizations: The Need for anAlternative Approach to Safety in Complex Systems( Marais, Dulac, & Leveson, 2004) Both agree that a major factor contributing towards the accident was NASA organizational culture.A Framework for Dynamic Safety and Risk Management Modeling in ComplexEngineering Systems (Dulac, 2007) Takes it a step further and analyzes NASA using STAMP modeling the paper finds that STAMP is ideally sited with its control framework to model every aspect of NASA: social, organizational, technical and how they interact.
CHALLENGERDISASTEROn January 28, 1986the space shuttleChallenger (STS-51-L)broke apart in flight,minutes after take off,killing all of its 7 crewmembers. STS-51-L flight insignia
INVESTIGATION INTO THE ACCIDENTAbove image shows the Challenger disintegrating 73 seconds after launch
ROGERS COMMISSION(PRESIDENTIAL COMMISSION on the Space Shuttle Challenger Accident,1986)Presidential Commission on theSpace Shuttle Challenger Accidentwas an independent investigationinto the accident. Solid Rocket boosterThe investigation found that theright solid rocket booster becomeseparated, causing damage to theexternal tank. This led to thedestruction of the shuttle byaerodynamic forces.
The investigation found that the O-ring joint failure was thecause of the accident. The O-ring sealed a joint connectingthe solid rocket booster to the main partof the shuttle Both the primary and secondary O-rings failed, allowingheated gases and flames to escape and make contact withthe external tank, causing a structural failure.
FOCUS OFINVESTIGATIONTechnicalThe O-ring joint was know to be inadequate and was in theprocess of being redesigned. It was found that in perviousflights O-ring erosion had occurred which rendered thesecondary O-ring useless.OrganizationalOn the day of launch engineers were concerned that thetemperature was too low to launch(-2.2C lowest launchtemperature recorded) and that there was to much ice on theshuttle. O-rings would not perform correctly at thistemperature.NASA management was told of this issue but it was deemed anacceptable risk and the launch went ahead.
RESULT OFINVESTIGATIONTechnical concerns- the sold rocket boosters were redesigned.Organizational concerns- A new safety office was created to allow better communication and risk assessment.Cause Ice conditions not Root assessed correctly Organizational O-ring failure Shuttle caused rocket disintegrated booster to detach Design flaw in O- rings Technical
ACADEMICLITERATUREUnderstanding the Challenger Disaster: OrganizationalStructure and the Design of Reliable Systems(Heimann, 1993)A critical analysis of factors related to decisional processesinvolved in the challenger disaster(Gouran , Hirokawa,, & Martz, 1986) These papers both focus on the decision making process at NASA and why it how this process can be made more robust.
REFERENCESMarais, K., Dulac, N., & Leveson, N. (2004). Beyond Normal Accidents and High ReliabilityOrganizations: The Need for an Alternative Approach to Safety in Complex Systems.Cambridge.Board, Columbia Accident Investigation. (2003). Columbia Accident Investigation Board Vol 1.Washington, D.C: Columbia Accident Investigation Board.Dulac, N. (2007). A Framework for Dynamic Safety and Risk Management Modeling in ComplexEngineering Systems. Cambridge: MIT.Gouran , D. S., Hirokawa,, R. Y., & Martz, A. E. (1986). A critical analysis of factors related todecisional processes involved in the challenger disaster. Central States Speech Journal , 37.Heimann, C. F. (1993). Understanding the Challenger Disaster: Organizational Structure andthe Design of Reliable Systems. The American Political Science Review , 87, 421-435.Hopkins, A. (2006, December). Studying organisational cultures and their effects on safety.Safety Science , 44, pp. 875-889.Keong, T. H. (1997, July 9). Risk Analysis Methodologies. Retrieved June 8, 2012, frompacific.net.sg: http://home1.pacific.net.sg/~thk/risk.htmlPRESIDENTIAL COMMISSION on the Space Shuttle Challenger Accident. (1986). Report of thePRESIDENTIAL COMMISSION on the Space Shuttle Challenger Accident. Washington, D.C.:PRESIDENTIAL COMMISSION on the Space Shuttle Challenger Accident.