| re .0:
While I am in emotional agreement (i.e., gut reaction) with what you say,
I have a few objections:
> This brings up an interesting question - if these folks were
> so sure of the danger to the SRBs (in fact, one senior engineer said
> that he and other engineers expressed surprise at launch time that
> Challenger cleared the tower without incident) why didn't they go
> to the media with their concerns? I'm sure that the networks,
I think that the probability was high that they would have lost their jobs if
they were successful in postponing the launch. And probably wouldn't have been
able to get another job like it. While public opinion would have supported
them, I doubt that anyone higher-up in the "chain of command" would have
felt that they acted properly. After all, higher-ups could agree that they
acted properly only by tacitly agreeing that they (the management) would
have acted improperly if proper channels would have been used. And (assuming
that the cold really did cause the accident), there would have been no accident
to prove that they were right.
Also, there wasn't much time between the discussions and the launch in which
to decide to act. Especially if your career is on the line. (And besides,
you may have rationalized that probably they'll postpone the launch again for
some other reason.)
> How is it that NASA, who has scrubbed launches for all kinds of
> seemingly arcane reasons in the past (everything from failure of
> Nth redundant systems to cloudy days) would suddenly perform a
> 180-degree turn and force a launch when engineers are insisting
> the vehicle will blow up?
NASA and the Shuttle system were coming under increasing criticism for missed
schedules and postponements. Even the most cautious people would tend to
get less cautious after repeated delays. Remember that the immediately
preceding launch was reported as "the most delayed launch ever". And
Challenger was scheduled very tightly for its next launch (requiring cargo
bay modification). So NASA had unusual pressure on it.
> In my view, if the situation developed the way the engineers
> are claiming it did, then they are equally (if not more) culpable
> than the company executives who signed off on the launch OK and
I agree. But even under those conditions, few engineers would take certain
firing for blowing the whistle. Especially in the aerospace industry, with a
tradition of strict information control due to the defense business.
I don't think that we can conclude anything about the truth of the engineers'
after-the-fact statements from this line of reasoning, as emotionally appealing
as it is.
Bob Fleischer
|
| Why should we be particularly surprised that NASA (certainly) and
Morton-Thiokol (most likely) acted just the way most bureaucracies
- including relatively good ones - act?
The knowledge that the O-rings constituted a single point of
catastrophic failure dates back 3+ years, with the knowledge that
primary O-ring performance was less than perfect similarly venerable.
So in 1982 a decision had to be made: halt the program (then very
young and perhaps even more susceptible to fund-cutting if delayed)
while the joint was re-designed and tested thoroughly, or continue
if reasonable testing indicated that the performance level, while
imperfect, remained acceptable.
Not an easy decision, I'd say - and I don't believe for a minute
that NASA (or M-T) tried to minimize its critical nature at that
point.
On the other hand, this kind of decision is not the kind NASA is
used to. They avoid single-point-of-failure problems like the
plague via redundancy, and thus are very much accustomed to
tolerating failure levels in the 0.01% - 1% range - because
back-up systems can always reduce the composite level to some
minuscule number and/or related systems can cover the point of
failure.
As a result, for single systems an "It's good enough" approach
is usually the correct approach - because no single system is
ever critical. Or, any single system that IS critical is so
damned reliable that only a deliberate act of sabotage could
compromise its performance.
What did they do when faced with a single system that was not
quite that rock-solid, and could not be made so without a
potentially disastrous program delay? They attempted to test
it sufficiently, over the range of expectable conditions, to
prove that WITHIN THAT RANGE it really WAS solid (actually, a
lot of this 'testing' seems to have been thorough analysis of
the degree of ring failure experienced, but wider-range temperature
testing also took place on the bench, an environment where
it was not likely possible to duplicate other launch stresses
exactly).
And it seemed OK.
Not quantifiably OK - and NASA lives on quantification - but
NASA also lives, in a different sense, on performance. In 1982,
the Shuttle was still more a 'test' vehicle than a work-horse.
Already long-delayed, it was finally starting to prove itself.
Even with a less-than-perfect booster system, an educated
evaluation (the best they could perform) of its safety probably
indicated that, as test vehicles go, it was a good bet, probably
a VERY good bet, certainly something the occupants (who likely
knew as much about this problem as anyone) would willingly,
eagerly, take the chance to fly.
There was no precedent whatsoever for placing the entire program
in jeopardy, and certainly delaying it critically, for a re-design.
They didn't, and I don't fault them.
But then the bureaucratic mind took over. The initial decision
to continue having been made, the problem was classified as a
non-problem. "Good enough" was in fact good enough, and no use
diverting scarce funds into making it better.
In time, 'good enough' became 'just fine - don't bother me'. Such
is bureaucracy. Most of us are probably pretty familiar with it.
The longer bureaucracy lives with a situation, the less they are
willing to admit that change is needed, and the less likely they
are to re-evaluate the severity of the issue if circumstances later
change - especially if the change is subtle or merely a matter of
slight degree.
So what was almost certainly viewed as a critical decision in 1982
became a simple 'judgement call' in January. Middle-/high-level
management prides itself on its judgement calls and ability to take
calculated risks.
What has been reported about the 24 hours immediately preceding
the launch of flight 51-L sounds very much like this kind of seat-
of-the-pants management assessment. Now, my own feeling is that
this assessment should have been more conservative given the risk
to life and an extremely expensive and irreplaceable vehicle, but
even as I deplore what I consider to be cowboy management tactics
I STILL can't say that their decision was an obviously poor one.
Because there seems to be evidence that areas in the vicinity of
the O-rings were some 20 degrees F. BELOW ambient shortly prior
to the launch, perhaps due to a very small fuel or oxygen leak
in the ET. This is far colder than anyone making the decision
knew about, and had temperatures been what was expected perhaps
we would never have known how close to failure things had been.
And the engineers were in the same boat. Less prone to dismiss
the issue as a problem of the past, but still with no real means
of assessing risk vs. benefit. More properly conservative, but
with no real basis for trying to over-rule the joint decision of
their own management and NASA, especially in the brief interval
prior to launch when M-T reversed its initial conservatism (though
the detailed reasons for that reversal, over the objections of
their engineers, would be very interesting as a comment on how
management acts in common situations).
No, the real blame lies in the period from 1982 to January - when
management treated the problem as simply an evolutionary design
change rather than an issue of immediate importance, and when
engineers accepted the delay rather than spoke out externally
to effect a more rapid correction. To me, this seems to be the
only point in the process where one could, and should, have been
able to expect different and more appropriate response to the
situation.
But that would be to expect NASA bureaucrats to function better
than the best of their counterparts in private industry, wouldn't
it? Perhaps NASA engineers, also.
Seven lives and critical launch capability seem likely to teach
those parties a lesson, one would hope an enduring one. It would
be a pity if the rest of us didn't learn from it as well.
- Bill
|
| From: [email protected] (Ron Heiby)
Newsgroups: sci.space.shuttle
Subject: LIFE Boisjoly Interview
Date: 4 Mar 88 13:23:49 GMT
In the March 1988 issue of LIFE magazine, there is an interview
with Roger Boisjoly, of Morton Thiokol O-ring fame. It starts on page
17. On page 22, Boisjoly makes the following statement (about the
nozzle joint):
Incredibly, NASA is now reinstalling the model that worked
in August. If you make the technical decision to redesign
a piece of hardware, it is not on a whim - it is because
something is wrong. And if the redesign fails, then you
cannot ethically revert to the previous version and call it
acceptable for flight.
Does anyone know more about this?
Ron Heiby, [email protected] Moderator: comp.newprod & comp.unix
"I believe in the Tooth Fairy." "I believe in Santa Claus."
"I believe in the future of the Space Program."
From: [email protected] (Matthew Belmonte)
Newsgroups: sci.space.shuttle
Subject: Re: LIFE Boisjoly Interview
Keywords: Boisjoly nozzle joint
Date: 7 Mar 88 04:42:05 GMT
Organization: Cornell Univ. CS Dept.
In article <[email protected]> [email protected] (Ron Heiby) writes:
>In the March 1988 issue of LIFE magazine, there is an interview of Roger
>Boisjoly, of Morton Thiokol O-ring fame. It starts on page 17. On page
>22, Boisjoly makes the following statement (about the nozzle joint):
In a talk he gave here at Cornell recently, Boisjoly was asked
about the nozzle joint and in response put up a viewgraph of something
that had been designated as an alternative design and said (words may
not be exact) "This is the joint they should be using." I can't
recall the particulars, but his point was that the current design
(correct me if I'm wrong) has the joint penetrated by many steel
screws which connect the nozzle section to the bottom section of the
SRB, and as a result there is a nontrivial probability of its being
corrupted by pressure. I wish I could picture exactly what that joint
he had up on the screen looked like.
Matthew Belmonte
Internet: [email protected]
BITNET: belmonte@CRNLCS
*** The Knights of Batman ***
(Computer science 1, College 5, Johns Hopkins CTY Lancaster '87 session 1)
|