Commercial space launches require a high-level commitment to safe operations, in every sense
By Robert Wilson
Counting down again
For once the journalistic cliché is accurate – commercial manned spaceflight is skyrocketing, literally and metaphorically.
For Bob Behnken and Doug Hurley, it means the best type of fame. Unlike the first generation of NASA astronauts, Behnken and Hurley are relatively obscure in everyday life, yet their names have been written in aerospace history as the first people to go into space in a commercially developed and launched spacecraft.
In May 2020 they flew to the International Space Station (ISS) on a Crew Dragon capsule launched by a reusable Falcon 9 rocket, both developed and operated by SpaceX, the private space launch developer founded by billionaire Elon Musk. They returned on 2 August, in the first splashdown since the days of the Apollo program. A fully crewed mission flew another 4 astronauts to the space station in November 2020.
As well as SpaceX, 4 other major projects are underway:
- Sierra Nevada Corporation is continuing to develop its Dream Chaser spaceplane, with the first flight to the space station predicted for 2022. The first version of the Dream Chaser will be uncrewed. A crewed version carrying 7 astronauts (which was the original design) is proposed.
- Boeing, the other member, along with SpaceX of NASA’s commercial crew program, launched its CST-100 Starliner space capsule in March 2020 – to mixed results.
The unmanned test of the seven-seat capsule returned safely to earth but was unable to dock with the space station due to a software error discovered during the flight. - Blue Origin, the rocket company founded by Amazon.com billionaire Jeff Bezos, plans to send up to 8 paying passengers at a time, 100 km into space on its New Shepard rocket, which has made 15 successful unmanned test flights.
- Virgin Galactic is planning to begin regular flights in 2021, with founder Richard Branson tipped to be first passenger to travel on the spaceship Unity.
Of course, we’ve been here before. For much of this century, promises of imminent commercial space flight have danced in the headlines. In 2008 Branson, who had founded Virgin Galactic 4 years before, declared the first passenger space flights were 18 months away. In September 2014 he predicted passenger flights by the following March. On the last day of October 2014, the Virgin Galactic SpaceShip Two VSS Enterprise crashed on a test flight, killing the co-pilot and severely injuring the pilot.
The spacecraft was destroyed when the co-pilot unlocked the movable tail booms that ‘feathered’ the spacecraft into a stable high-drag configuration for the early stages of its descent from 100 km altitude. When the booms were unlocked at a lower altitude and high subsonic speed, aerodynamic pressure pushed them into the feathered position, destroying the spacecraft within seconds.
For much of this century, promises of imminent commercial space flight have danced in the headlines.
The destruction of VSS Enterprise highlighted that going into space is a serious undertaking – as one of the few human activities more unforgiving than aviation. Of the 580 people who have rocketed into space (defined as over 80 km altitude), 20 have died in the attempt. Formal analysis of the Enterprise crash found prescriptive standards used in aviation were insufficient for new space systems. This lesson, while hard learnt, was not new. As far back as 1967, the deaths of astronauts Ed White, Gus Grissom and Roger Chaffee in the Apollo 1 launchpad fire had shown the need for a more thorough approach: system safety.
One chance to get it right: system safety
Jerome F ‘Jerry’ Lederer (1902–2004) was born before the Wright brothers flew and died after the second Space Shuttle disaster. In 1967 he was appointed to NASA as Apollo Program safety director in the wake of the launchpad fire.
Part of his response – summarised in the journal Hazard Prevention – was to comprehensively define system safety:
System safety covers the total spectrum of [safety] risk management. It goes beyond the hardware and associated procedures of system safety engineering. It involves: attitudes and motivation of designers and production people, employee/management rapport, the relation of industrial associations among themselves and with government, human factors in supervision and quality control, documentation on the interfaces of industrial and public safety with design and operations, the interest and attitudes of top management, the effects of the legal system on accident investigations and exchange of information, the certification of critical workers, political considerations, resources, public sentiment, and many other nontechnical but vital influences on the attainment of an acceptable level of risk control.
Lederer was applying a concept that had evolved rapidly in the 1950s and ’60s in high-consequence areas including nuclear submarines, nuclear power generation and nuclear weapons. In these fields the traditional method of developing safety through trial and error was unthinkable. Early nuclear weapons systems, in particular, demonstrated an important aspect of system safety – in the Atlas missile program each designer, manager and engineer was responsible for the reliability of their particular component or subsystem. As a result, many problems only emerged when systems had to fit and work together. Unreliable missiles advanced safety thinking in another way – their non-existent pilots could not be blamed for accidents.
The International Space Safety Foundation is a non-profit organisation dedicated to furthering industrial cooperation and scientific progress in the field of space safety. It outlines 5 principles of system safety in engineering and operation:
- Build in safety instead of adding protection features to a completed design. System safety emphasises the early identification of hazards so action can be taken to eliminate or minimise them in early design decisions.
- Consider systems as a whole rather than with subsystems or components. Safety is an emergent property of systems, not their components. One of the principal responsibilities of system safety is to evaluate the interfaces between the system components and determine the effects of how components interact. (Components include humans, machines and the environment.)
- Start from hazards, not failures and failure rates, because hazard and failure are not necessarily linked. Hazards are not always caused by component failures, and not all failures cause hazards. The events leading to an accident may be a complex combination of equipment failure, faulty maintenance, instrumentation and control inadequacies, human actions, design errors and poor management decision-making. Serious accidents have occurred when the system components were all functioning exactly as specified.
- Analyse, in addition to learning from experience and following standards and codes of practice. While these are necessary, the pace of change in novel or high-consequence systems does not always allow for such experience to accumulate.
- Balance qualitative and quantitative analyses. In the early stages of design or operation of a system, quantitative information usually does not exist. Subjective judgements are required at this stage. In addition, probabilistic risk analyses that exclude potential causes of an accident, including interactions among non-failing components, design errors, software errors and poor management decision-making, can lead to dangerous complacency and focusing engineering efforts only on the accident causes for which those measures are possible.
These are people who will fly at their own risk to try out new technologies.
Not quite two standards: transport vs tourism
The imminent era of commercial space day-trip tourism began in an unlikely place – the US Congress. On its final sitting day in 2004, the 108th Congress, under President George W Bush, passed the Commercial Space Launch Amendments Act (CSLAA).
The Act, written to stimulate the development of a commercial suborbital space launch industry, drew impassioned arguments for and against in the House. One of its key points was a moratorium for safety regulations of flight participants (crew and passengers) of 8 years, later extended until 2023.
Republican Congressman Sherwood Boehlert praised the moratorium. ‘This industry is at the stage when it is the preserve of visionaries and daredevils and adventurers,’ he said. ‘These are people who will fly at their own risk to try out new technologies. These are people who do not expect and should not expect to be protected by the government. Such protection would only stifle innovation.’
Democratic Party representative James L Oberstar was less impressed, saying, ‘This standard in the Bill amounts to the codification of what has been come to be known in aviation safety parlance as the “tombstone mentality” – don’t regulate until there are fatalities … We should not legislate a tombstone mentality for safety oversight of this new space tourism industry’.
The Act means private space launch operators not dealing with NASA are essentially unregulated. (Russian and Chinese human launches are government operations.) However, launch operators providing commercial transportation services to the International Space Station under the terms of NASA’s commercial crew program must obtain a NASA safety certificate. This certificate requires adherence to NASA’s human-rating standard for space vessels, which has particular emphasis on structural design, redundancy and mission design.
The Act merely requires operators to provide prospective customers with written information about the risks of spaceflight and a statement that the US Government has not certified the vehicle as safe.
‘It’s not a double standard: it’s the NASA standard for professional astronauts – or nothing,’ International Space Safety Foundation member Tommaso Sgobba says. ‘The CSLAA moratorium forbids the US Federal Aviation Administration from setting any rules or standards at all,’ he says.
Sgobba, the former head of the European Space Agency safety office, finds this problematic.
He says the Act is ‘grounded on the misconception that safety regulations can be established only when enough operational experience is gained, several years, perhaps decades from now’.
‘I believe that this has backfired because there are institutions such as insurers and investors who want a degree of certainty if they are to engage with commercial space operators,’ he says.
Sgobba says there is nothing to stop any would-be space launch operator from adopting a system safety approach, but the lack of a common standard means high levels of safety cannot be verified.
‘When I visited Virgin Galactic in California in the aftermath of the 2014 accident, I found an impressive team with experience from NASA and other organisations – they were all good people, good background, high professionalism. However, you don’t build the safety culture of an organisation just by assembling excellence. Regulation is a way of communicating experience from one generation to another – when you don’t rely on regulation, you cannot expect to have all the experience needed to compensate for missing standards.’
The CSLAA moratorium forbids the US Federal Aviation Administration from setting any rules or standards at all.
Commercial human suborbital spaceflight in the 2020s is in its barnstorming era, but different from the barnstorming aviation of 100 years ago in that it can tap the experience of 60 years of government programs, Sgobba says. He predicts that when suborbital space flight evolves from a thrill ride into a mode of transport, using hypersonic ‘space planes’, it will have to adopt a more stringent set of standards and practices. ‘If you look at the DLR (Germany’s space agency) SpaceLiner project, that’s exactly what they are doing,’ he says. The SpaceLiner concept is being designed to the International Association for Space Safety’s proposed certification standard, with a detachable passenger cabin capable of independent return to earth.
Space regulation will eventually have to be global and here the space station is a sign of hope. ‘The ISS has American, European, Russian and Japanese modules and, in its 20 years, it has evolved a system of mutual recognition of safety certification,’ Sgobba says. ‘I hope this will become a way of doing space business in future, perhaps on a moon base, long after the space station has fallen back to earth.’
