Engineering is the art of modelling materials we do not wholly understand, into shapes we cannot precisely analyze, so as to withstand forces we cannot properly assess, in such a way that the public has no reason to suspect the extent of our ignorance. – Dr A. R. Dykes
A Flight Readiness Review is like Confession. Every department must stand up in public and confess their sins, whereupon we all make a judgement about the severity and punishment.
Well, not exactly that but close enough.
At a NASA FRR each area is supposed to demonstrate that each and every piece part of a flight vehicle was designed with good engineering standards to accomplish the required purpose; and that further each part was manufactured to exacting tolerances and passed inspection; and still further that each part was tested or qualified to the conditions it would experience in spaceflight; and finally that all parts and all systems would work together to perform their functions successfully. If the tiniest discrepancy was detected, an explanation must be forthcoming in excruciating detail with mountains of engineering rationale – test and analysis – to show the discrepancy was acceptable. A good FRR for the space shuttle could last two or more days with lengthy presentations, probing questions, sometimes acrimonious debate, and finally resolution: fly or stand down and fix.
There was never a Flight Readiness Review without problem discussions. I have found that every other space launch system which holds FRRs similarly discusses problems and discrepancies before deciding to fly. These are complex systems built to exacting tolerance near the limit of what materials can stand. There has never been a perfect rocket or a perfect launch; there are always discrepancies, problems, and issues.
Over the last several posts, I have recounted just a few of the major issues at the STS-121 FRR. This is intended as an example and object lesson for those getting ready for future FRRs. The STS-121 FRR was the most contentious that I ever experienced. But it was like all those other reviews in that the imperfect system was laid bare, probed with great intensity, and at the end of the day a judgement made. Those judgements were never based on perfect knowledge or understanding. It is to be understood that perfect understanding – and perfect safety – does not exist.
For STS-121 the results were success. But the questions remain: were we smart or just lucky? How close to the edge did we come? Would it have been better to stand down and wait for better understanding or more perfection in the vehicle? How long could we have waited before the program got cancelled?
It takes experience, skill, and understanding to come to a judgement in such matters; it is as much an art as a science. How to know when enough has been done; how to know when it is safe enough; or how to decide to stop the clock and go back to work to understand and fix the problem.
At this point I generally quote Dr. Dianne Vaughn, a sociologist that studied how engineers at NASA make decisions in her book “The Challenger Launch Decision.” Of course, it would take a sociologist to help us all understand the complex roles and interactions involved. So here goes:
From Chapter 6 Engineering Culture:
- “…the messy interior of engineering practice, which after the accident investigation looks like “an accident waiting to happen” is nothing more than “normal technology.” Normal technology…is unruly.”
- “Judgments are always made under conditions of imperfect knowledge.”
- “…experts are operating with far greater levels of ambiguity, needing to make uncertain judgments in less than clearly structured situations.”
Or just reference Dr. Dykes above.
The next time you hear a journalist reporting on a train crash or an aircraft accident or a ‘self-driving-car’ incident you can expect to hear it was ‘just an accident waiting to happen’ — because they ALL are. The job of the engineers is to minimize the possibility of failure within the limits of what we know.
As we approach new space systems – especially launch systems – dissention should be expected at the Flight Readiness Review, some experts will believe there is more work to be done before the vehicle is ready to fly, that it is not safe enough. That is because ALL flight vehicles are never perfect or perfectly understood.
Pray that there are leaders with judgement, maturity, and understanding that can properly evaluate the risks and make crucial decisions correctly.
When the countdown reaches zero say a little prayer and hold your breath. Every single time.
Does that mean we should not go?
If you want to avoid all risk, you should stay in bed.
“The desire for safety stands against every great and noble enterprise.” – Gaius Cornelius Tacitus (56-120 AD)