Foam and the limits of foresight
by Dwayne A. Day and Christopher Kirchhoff
As proof of how easy it is to overlook a fatal flaw, investigators circulated a document from the Challenger investigation in 1986 that warned of the dangers of foam impacting on the shuttle.
However, Gehman also wanted his staff to go beyond the foam issue and try to identify other potential hazards. Although he never stated it, many of us realized that there were two reasons behind Gehman’s urgings. First, we needed to not only identify the cause of the last accident but hopefully prevent the next one as well. Second, to some extent CAIB’s larger claims about NASA’s institutional flaws rested upon the ability to locate a dangerous anomaly NASA had missed. Identifying other lapses in safety would confirm suspicions that NASA’s safety culture was in need of renewal. Eventually CAIB investigators found their smoking guns, including the appalling case of the solid rocket booster boltcatcher, a piece of defective hardware that NASA incorrectly certified for flight. Had the flaw not been caught, a potentially-lethal chunk of titanium could have been sent arcing towards the orbiter at booster separation.
Understanding its own limited ability to spot technical flaws encouraged the Board to examine the institutional structure and culture of the shuttle program itself. Columbia was not simply a technical failure; it was a failure of the humans that worked on the technology, and the social systems that they had developed to catch errors. Because CAIB could not catch every technical glitch, it was extremely important to diagnose and correct weaknesses in NASA’s safety systems and institutional culture. NASA has to create a safety apparatus and working environment that reliably identifies and corrects future failures that neither the investigation nor NASA personnel could foresee in the summer of 2003. In the Board’s final report, almost half of its recommendations were directed to improve these systems.
Even though CAIB succeeded in identifying the hazard posed by the PAL ramp—and indeed, all non-acreage foam—the Board did not have enough information at the time to propose a specific resolution justifying its removal. The Board and its team of investigators knew ultimately NASA must interpret its recommendations and choose how to implement them; the CAIB report was only the start of a process, certainly not its conclusion. NASA, for reasons that agency officials will now have to defend, chose not to re-engineer the PAL ramp, launching Discovery with a piece of foam it knew posed a risk to the orbiter.
Now is the time to ask whether NASA’s acceptance of this risk was driven by the same reasoning that downed Columbia, or whether something else entirely is at fault. In the case of Columbia, program managers reasoned that because breakaway foam had not previously destroyed an orbiter, it was not likely to do so in the future, just as managers before the Challenger accident had reasoned that because cold temperatures had not caused a burnthrough of the booster rockets’ O-rings, they would not do so in January 1986. It seems that a similar conservatism prevailed in the current situation, with tank engineers arguing that because the PAL ramp had never before become dislodged, its removal was unnecessary. No matter the technical reason for this event, or the technical solution that may solve it, this brush with disaster must spur NASA’s newly empowered safety officials to be even more demanding in their search for the right balance between risk and safety. NASA’s safety apparatus must pick up where the Columbia investigation left off, and, if the shuttle is to fly safely through 2010, go far beyond it.