Normalization of devianceby Robert Oler
|
| Today, how individuals lead others managing machines has become the prime issue in unsatisfactory outcomes and evaluating how they unfolded. |
If Captain Smith, late of RMS Titanic, had judged the risk of icebergs prudently, history would be different. Paramount on Smith’s mind was neither icebergs nor history. As many excellent books and well-acted movies have illustrated and the written record has shown, a desire to please his corporate master was.
Once the liner went to top speed, random chance controlled events. Titanic operated in an unsafe fashion long before the iceberg appeared. NASA human spaceflight has been here before.
The interaction of human decision-making with machines has been studied intensely since several near and catastrophic events in the 1970s. Over the decades, various models of decision-making have evolved, driven by maturing technology. Today, how individuals lead others managing machines has become the prime issue in unsatisfactory outcomes and evaluating how they unfolded.
The latest version of these models is labeled by the major regulators of aviation (including the FAA) as Competency Based Operation. Task-based skills, such as procedure application and basic operational skills, are evaluated with equal weight on both their execution and how the decision was made to employ them.
Evaluation of events is centered around whether the leader was able to recognize if what was predicted to happen is or is not occurring. If the answer is yes, there is a high level of safety. If not? Leaders are taught to react to what is causing the difference and then question the soundness of the overall decision-making process looking for a root cause of failure.
The US lunar landing program has been a goal for at least eight years. By any observation, little is going according to plan both in general and its execution. Ambiguity—what A competency-based operation would call lack of situational awareness—permeates the entire program.
A timely example is the issue of the Orion heat shield. NASA flew a prototype heat shield on an uncrewed test called EFT 1 in 2014. It performed well. After the flight, with contractor agreement, NASA significantly changed the design of the heat shield.
On Orion’s next flight, the “new” heat shield did not ablate as it was designed. Instead, massive chunks came out of the heat shield. The crew would have survived, but the heat shield did not act as predicted by any engineering model. This is unsafe.
As results came from the first flight, the current flight heat shield had already been attached to the capsule. That was three years ago.
Full scale testing of the shield on Earth is not possible. Subscale testing of the heat shield material attempted to define the threat that was revealed on Artemis 1 and explored mitigation. The current Orion’s heat shield is worse in the suspected issue than its predecessor.
A fix—redesigning the heat shield—would delay Orion flying with a crew even further, ending any opportunity for a lunar landing in the term of this administration. A redesign is in work for the next Orion. It is unclear whether it will ever be tested at full scale before flying a crew. That would take another test flight like EFT 1, at a high cost.
NASA’s answer was to avoid the conditions which they believed cause the anomaly as much as possible. In other words, to accept deviation from the desired standard. The aviation equivalent to this is long landings.
| The thing about normalization of deviance is, having accepted the risk, it is impossible to know when it is too much. |
Long landings, or landings outside the marked touchdown zone markings on the runway, are a persistent and widespread issue. Some are due to pilots lacking skill and experience in dynamic meteorological conditions. Many, however, are of choice. Why? Runways are long and pilots try and minimize time to get to the gate. Nearly all end without incident.
It does, however, lead to normalization of deviation (NOD) from prescribed standards, which occasionally can turn out badly. A recent incident in Virginia had the captain making an approach in bad weather to a shorter runway which required optimum technique.
The approach was both fast and high on the preferred approach path. Despite two “go around” calls by the copilot, the captain persisted and touched down about midfield. A special form of concrete that deforms under load prevented the airplane from leaving the runway. The investigation is still ongoing, but the likelihood is high that the captain had normalized landing long as standard procedure.
US human spaceflight has been here before. Both shuttle losses were caused by NOD influencing bad decision-making. The thing about NOD is, having accepted the risk, it is impossible to know when it is too much.
Unfortunately, heat shields are like foundations of houses: they are either capable or cracked. For the upcoming mission experts agree on one point, the heat shield will crack. How much and how badly is harder to predict. The likelihood is it will not be catastrophic.
If the thermal protection system fails, as the shuttle Columbia demonstrated, there will be a hull loss. The decision will become an “orphan” spread among faceless people, nor will the process survive scrutiny.
New NASA administrator Jared Isaacman agrees with the mitigation. He is in a difficult spot. While being confirmed, the capsule was already sitting atop its rocket. He lacks expertise in the matter and lacked control of the decision process.
This is the second major decision in the lunar landing program made without any administrator first-line accountability. The first was picking SpaceX to provide the lunar lander and the terms under which that would be accomplished. That person left NASA and went to work at SpaceX. It is fair to wonder what had that person’s attention?
“Safety” entered the English language in the 14th century. Today it is incorrectly and informally defined as an absolute. “Being safe” is not the absence of peril. “Being safe” is an organization or person doing what is supposed to be done as defined by standards and protocols, even when doing so is difficult or costly or displeases leadership.
In an era of slide rules and pocket protectors, the nation and its engineering teams designed vehicles where the operation of heat shields was never in doubt. Nearly $30 billion has been spent on Orion and yet NASA is going with a mitigation where a solution is called for in a critical component.
NASA and its contractors are quick to express concerns about safety: “it’s our highest priority” is a key phrase oft repeated. Is it? The Orion issue is not unique. The entire program is riddled with ambiguity and lack of solid performance. This is not a good trend.
Note: we are now moderating comments. There will be a delay in posting comments and no guarantee that all submitted comments will be posted.