Management It
Resume:
ARTICLE IN PRESS
Space Policy ** (****) *** ***
Columbia and Challenger: organizational failure at NASA
Joseph Lorenzo Hall*
Astronomy Department/School of Information Management and Systems,
Astronomy Department, University of California at Berkeley, 601 Campbell Hall, Berkeley, CA 94720-3411, USA
Abstract
The National Aeronautics and Space Administration (NASA) as the global leader in all areas of space ight and space science
is a unique organization in terms of size, mission, constraints, complexity and motivations. NASA s agship endeavor human
space ight is extremely risky and one of the most complicated tasks undertaken by man. It is well accepted that the tragic
destruction of the Space Shuttle Challenger on 28 January 1986 was the result of organizational failure. The surprising disintegration
of the Space Shuttle Columbia in February 2003 nearly 17 years to the day after Challenger was a shocking reminder of how
seemingly innocuous details play important roles in risky systems and organizations. NASA as an organization has changed
considerably over the 42 years of its existence. If it is serious about minimizing failure and promoting its mission, perhaps the most
intense period of organizational change lies in its immediate future. This paper outlines some of the critical features of NASA s
organization and organizational change, namely path dependence and normalization of deviance . Subsequently, it reviews the
rationale behind calling the Challenger tragedy an organizational failure. Finally, it argues that the recent Columbia accident
displays characteristics of organizational failure and proposes recommendations for the future.
r 2003 Elsevier Ltd. All rights reserved.
in 1967 are examples of failure at NASA that cost a
1. Introduction
total of 17 astronaut lives. Where the Apollo accident
What we nd out from [a] comparison between
was a mix of organizational and technical failure,2
Columbia and Challenger is that NASA as an
both the Shuttle tragedies are largely organizational
organization did not learn from its previous mistakes
failures.
and it did not properly address all of the factors that
Section 2 acquaints the reader with the unique
the presidential commission identi ed.
organizational features of NASA. Section 3 explains
Dr. Diane Vaughan; Columbia Accident Inves-
the Challenger tragedy and the rationale behind calling
tigation Board testimony, 23 April 2003 [1].
it an organizational failure . Section 4 explains the
working scenario behind Columbia s disintegration and
Organizational failure is a fact of organizational life.
the parallels with Challenger. Finally, Section 5 proposes
Failure will happen no matter how elaborate of a system
some possible remedies.
an organization deploys. Nowhere is this more apparent
than in high-risk organizations like NASA. NASA has a
variety of risk-avoidance systems that all aim to do one
thing: ensure that instruments and astronauts sent into
space complete their missions safely. NASA has failed
2
The Apollo accident in 1967 was the result of bare wires short-
in a few instances to ful ll this goal in the realm of
circuiting in the capsule s pure oxygen environment causing an intense
human space ight.1 The Space Shuttles Challenger and re, toxic gas build-up and pressurization of the spacecraft denying the
Columbia tragedies as well as the Apollo launch pad re astronauts egress from the vehicle. It can be argued that this was an
organizational failure based on the extremely hazardous conditions of
the test capsule. However, Apollo is distinct compared to Challenger
and Columbia considering Apollo took place during NASA s formative
*Tel.: +1-510-***-****; fax: +1-510-***-****. years when all vehicles were designated as research and development
E-mail address: abqds8@r.postjobfree.com (J.L. Hall). craft. Notably, the Apollo accident does not display the path
1
For the remainder of this paper I will speak speci cally about dependence (Section 2.2) or normalization of deviance (Section 2.4)
characteristic of Challenger and Columbia.
human space ight.
0265-9646/$ - see front matter r 2003 Elsevier Ltd. All rights reserved.
doi:10.1016/j.spacepol.2003.08.013
ARTICLE IN PRESS
J.L. Hall / Space Policy 19 (2003) 239 247
240
2. Organizational features of NASA
2.1. Overview
The National Aeronautics and Space Administration
(NASA) is a unique organization in terms of size,
mission, constraints and motivations. Even as one of the
smallest of the major federal agencies, NASA is a large
organization that directly employs 18,000 people and
has an operating budget of approximately US$ 15
billion (out of every US dollar spent in the world on
space, roughly 35 cents is spent by NASA [2]). NASA s
mission is unique as a leader in all areas of space ight
and space science. Along with the traditional constraints
of a federal agency like annual budget review and
organizational complexity, NASA s main endeavor of
Fig. 1. A plot of the NASA and Space Shuttle Program (SSP)
human space ight enjoys no exibility in terms of risk. historical budget in billions of US dollars. The gures are constant-
Complicating things further, the motivations for dollar amounts based on the year 2002. Note the relatively large
NASA s mission have varied from the very speci c in amount of funding during NASA s formative years, the spike in 1987
the past winning the US/Soviet space race during due to replacing the Challenger orbiter and the decrease in funding in
the past decade. Source: Data adapted from Hoffman [24], ASRP [25],
the 1960s to the very abstract today technology
OMB [26] and CAIB [27].
transfer, advancement of scienti c knowledge and space
development.
2.3. The perpetually developmental Shuttle
2.2. Path dependence
It is important to understand that even today the
NASA has been described as a heavily path
Space Shuttle is an experimental vehicle. Much is
dependent organization [3]. Path dependence refers to
learned from each Shuttle after returning to Earth and
the tendency for organizations to make decisions based
during preparation for the next launch. The Space
on, and have their present state de ned by, their history.
Shuttles own today are different from those initially
A good analogy for this phenomenon is when some-
own in 1981. In fact, the Shuttle s of cial develop-
thing like a cardboard box is pressed upon and is
mental stage was from 1980 to 1982. After this point, it
unable to return to its original form. Organizations are
was declared operational so as to be available to ferry
often equally unable to return to their original state
passengers and cargo to the to-be-completed Space
given a stimulus.
Station and to lend legitimacy to the political selling
NASA is very much in uenced by its history. The
point that the Shuttle could pay its way by launching
agency was established in 1958 by the National
Aeronautics and Space Act of 1958.3 The aftermath of spacecraft for the global telecommunications market.
This operational designation was and still is in direct
John F. Kennedy s historic man on the Moon speech
con ict with the experience of Shuttle engineers.4 The
in 1961 sparked the space race between the United
Shuttle is still very much a developmental craft with
States and the Soviet Union as each struggled to prove
constantly changing technology and mysterious pro-
its technological superiority. Cost concerns were of less
blems that are not predicted from design.
importance during this era as nothing could be spared to
The operational designation also sent the message
beat the Soviets to the Moon. However, at the end of
that Shuttle launches were intended to be a routine,
the era, NASA experienced substantial budget cuts
regular part of the space program. As Shuttle launches
(see Fig. 1) but retained the organizational structure of
became routine, the excitement of the Apollo-era Moon
the Apollo era. Additionally, human space ight was
race abated and NASA was forced by various admin-
recognized as an important and vital part of the space
istrations to cut costs (see historical budget data in
program s success in the 1960s and as such played a
Fig. 1). NASA realized that it could contract out
major role in the direction of NASA and human
portions of the Shuttle program and take advantage of
space ight. These circumstances led to the NASA of
the private sector s business savvy. Unfortunately, this
the 1980s: still focused on human space ight with a
smaller budget and no heavy-lift capability like Apollo s
Saturn V. 4
In fact, Shuttle engineers pray during launchy in light of
Columbia, they will likely pray during re-entry as well. This is not a
3
Public Law 85-568, 72 Stat. 426 (as amended). cultural feature of an operational vehicle.
ARTICLE IN PRESS
J.L. Hall / Space Policy 19-200*-***-***-***
had the effect of injecting production pressures into what launch, hot gas exited one SRB and pierced the primary
was essentially a research and development operation. fuel tank causing the colossal explosion that destroyed
Challenger. What was not destroyed by the initial
2.4. Normalization of deviance explosion was crushed by the force of hitting the surface
of the ocean at 320 kph.
Vaughan [4 6] has developed the concept of normal-
ization of deviance to explain how technical aws can
3.2. The night before launch
escape the scrutiny of the various safety bodies within
NASA5 over time. In many cases, unanticipated
There was an ongoing debate in the years before the
problems continue to occur even though nothing
Challenger launch between the low-level engineers and
particularly catastrophic happens during a given Shuttle
management at Morton Thiokol the contractor for the
mission. This leads to the very pragmatic notion of
SRBs about the SRB O-rings. The original shuttle
acceptable deviance. That is, it was often very
design called for two O-rings per SRB segment for
expensive and time-consuming to root out the cause of
redundancy the primary and secondary O-rings.
a given anomaly with some problems being incorporated
NASA typically retrieves SRBs from the ocean for
into the regular maintenance cycle of the Shuttle
inspection (and reuse) and had seen O-ring heating
without detailed examination. Under the production
damage and blow-by 8 on a number of ights9.
pressures mentioned above, it was unacceptable to
The night before the fateful Challenger launch, there
spend signi cant resources on problems that were not
was a teleconference between engineers and of cials at
ight safety risks that is, if the problem could cause
Morton Thiokol (Thiokol), Kennedy Space Center
loss of the vehicle.6 This provided disincentives for the
(KSC) and Marshall Space Flight Center (MSFC). A
engineers to track down the source of problems, even
group of low-level engineers at Thiokol who were
though many were not part of the Shuttle s design and,
involved with the O-ring problem were concerned that
if magni ed, could pose ight safety risks. Frequently,
the unprecedented cold temperatures on the launch pad
a ight was cleared based on previously successful ights
were below the design threshold for the O-rings. The
that had completed their missions but still exhibited a
worse case of O-ring damage and blow-by to date had
given problem. This reasoning led physicist Richard
occurred in a similarly strange period of very cold
Feynman to comment When playing Russian roulette
temperatures nearly a year before. The engineers
the fact that the rst shot got off safely is little comfort
expressed their concerns to the upper management at
for the next. [7]
Thiokol who decided to hold a conference call with the
KSC and MSFC of cials later that night.
The circumstances surrounding this conference call
3. The Challenger tragedy
reek of organizational failure [5]. The engineers had very
little time to assemble their presentation on why cold
3.1. The launch
temperatures should be a concern for O-rings. The
ground crew had to start pumping liquid fuel into
On 28 January 1986, some 73 s after lift-off, the Space
the main fuel tank by midnight that night to launch the
Shuttle Challenger exploded. President Reagan ap-
following morning. Why was not the launch postponed?
pointed William Rogers, an experienced politician, to
Perhaps because the O-ring problem was not considered
head a Commission that was charged with investigating
to be of much concern. Perhaps because this ight had
the accident (The Rogers Commission [8]). The inves-
Sharon Christa McAuliffe on it, an educator and
tigation climaxed with commission member and physi-
civilian. President Reagan was to give his State of the
cist Richard Feynman dunking a piece of the rocket
Union address the following night and had planned on
booster s O-ring7 material into a cup of ice water,
using the launch in his speech arguably to highlight the
demonstrating how it lost all resiliency at low tempera-
operational nature of the Space Shuttle and the
tures and removing all doubt as to the technical cause of
educator astronaut in a time of signi cant educational
the explosion (APS [9]). In the abnormal cold
spending cuts. Even though the Rogers Commission
(o 7 C) of the three nights that Challenger had spent
found that there was no direct evidence of an order
on the launch pad, an O-ring on one of the solid rocket
from the Reagan administration, the political pressure
boosters (SRBs) had become brittle. About 1 min after
felt by upper management and political appointees had
to be huge.
5
See Vaughan [4] for an extensive discussion of the safety divisions
within NASA.
6 8
Loss of vehicle assumes loss of crew as the Shuttle has no crew Blow-by refers to hot gas actually getting past the primary
escape capabilities. O-ring and heating the secondary O-ring.
7 9
An O-ring is simply a round rubber washer that is intended to Vaughan [5] lists all ights and their O-ring conditions on pages
provide a seal. 442 444 (Figs. B5.1 5.3).
ARTICLE IN PRESS
J.L. Hall / Space Policy 19 (2003) 239 247
242
4.1. The CAIB working scenario
Further, the engineers were immersed in a culture of
proof. That is, they were required to prove at this point
About 81 s13 after lift-off on 16 January 2003, a
that there was a mission critical problem that necessi-
tated the postponement of the launch. However, the briefcase-sized piece of foam possibly containing ice
production pressures associated with being a NASA somehow detached from the main fuel tank and
impacted the left wing of the Columbia orbiter. This
contractor did not allow the resources to study the
problem in detail in preceding months and they were not probably damaged the left wing enough to cause part of
going to come up with any monumental calculations or the Shuttle s Thermal Protection System (TPS) tiles to be
experiments in the 3 h between the decision to have the compromised. The damage was magni ed by the super-
conference call and the call itself. In their haste to get hot plasma that the Shuttle creates as it slows down
ready for the call, the engineering team mistakenly during re-entry to the Earth s atmosphere. At one point,
included slides that had been used in previous Flight the left wing skin was pierced, allowing plasma to enter
Readiness Reviews (FRR10) to argue that the O-rings the wing. This seriously damaged the internal structure
would not be a problem despite damage and blow-by of the wing and data show that wing sensors began to
fail. Columbia s landing computer14 attempted to correct
incidents. Tufte [10] shows that the graphics presented in
the teleconference were unclear and obfuscated and has for the increased drag caused by the wing damage, to no
since produced his own charts from the data that clearly avail. With the continued destruction of the left wing,
Columbia eventually lost aeronautical control and
show a temperature correlation with O-ring damage.
The people at KSC and MSFC received mixed signals as became ballistic at a speed near 20,000 kph. In the
Thiokol engineers argued against launch in the extreme words of the CAIB working scenario main vehicle
cold when they had seen similar charts in previous aerodynamic break-up occurred at 9:00:23 EST [11].
FRRs to argue the opposite.
In the end, all parties to the call took a break during 4.2. Normalization of Deviance Round 2
which the senior manager at Thiokol criticized his
engineers for their performance. When the call resumed, As was the case with O-ring damage in the years
a majority of the Thiokol engineers had decided to before the Challenger launch, this was not the rst time
recommend that the launch go ahead with a minority that foam had detached from the main tank and caused
still insisting that the previous night s cold temperatures damage to a Shuttle. There had been numerous impacts
had probably caused damage to the O-rings. In addition on previous ights by foam shrapnel much smaller
to bureaucratic and political pressures and normal- than that which hit Columbia. Shuttles would typically
ization of the deviance of O-ring performance, a path- return with hundreds of impacts bigger than 2.5 cm.15
dependent reliance on proof over engineering intuition is There are numerous reports in the Problem Reporting
also readily apparent. and Corrective Action (PRACA) system that show
thermal tile damage as a likely result of foam shedding
(see NASA [12]).
Not only was foam impacting not considered in the
4. The Columbia tragedy: what went wrong (again)? design of the TPS, but the high level engineering
requirements of the Shuttle speci cally state that
On 1 February 2003, Columbia disintegrated over nothing should impact the shuttle during launch.16 But
Texas during re-entry.11 Immediately after this tragedy,
13
an independent investigation board lead by retired The similarity between this time and the explosion 73 s after the
Admiral Hal Gehman12 was formed. The charter and launch of Challenger is interesting. It seems that both ights were
victims of unexpected cross-winds associated with this altitude that
make-up of the board underwent a few revisions to
shook loose an O-ring in the latter case and a chunk of foam in the
ensure that it was directed in the manner of an airplane former case.
crash investigation and completely independent of 14
The landing of the Space Shuttle has always been piloted by a
NASA oversight while retaining signi cant freedom. computer. Landing the Shuttle is a very delicate maneuver that likely
cannot be performed by a human pilot.
15
See external tank images and studies of foam impact damage
frequency at NASA [12] in particular see Rieckhoff et al. [28].
16
It is critical [y] that all sources of debris be controlled to the
10
Flight Readiness Reviews are large conferences typically several greatest extent possible. [29]. The spec for the [External] Tank is that
weeks before launch where the engineers from each Shuttle subsystem nothing would come off the Tank forward of the 2058 ring frame [low
validate their system for launch in a highly public, iterative and down on the Tank], and it [the Shuttle] was never designed to withstand
technical engineering defense. a 3-pound mass hitting at 700 ft/s. That was never considered to be a
11
An animated GIF of the debris trail is available here: http:// design requirement We paid an awful lot of attention to making
www.shorl.com/hahetugakyty. sure nothing came off, because we knew if we fractured the carbon
12
Adm. Gehman recently headed the successful investigation into carbon on the leading edge of the orbiter, it was a lost day. Richard
the terrorist bombing of the USS Cole in Yemen. F. Thompson, Excerpt from CAIB testimony 23 April 2003 [30].
ARTICLE IN PRESS
J.L. Hall / Space Policy 19-200*-***-***-***
foam had been hitting the Shuttle consistently and a imaging quality. Further, NASA would have had to
team of chemists and engineers were working on the declare an emergency or high priority investigation to be
proper kind and application of foam to apply without able to re-task committed instruments. There are also
using an older method that required environmentally some unveri ed indications that the request may have
damaging freon. The studies of foam impacts all been quashed because the requesters did not go
concluded that they did not pose a ight safety risk. through the proper channels (see Vaughan [1]). This
Of course, the small pieces of foam that had been shows that some of the hierarchical and bureaucratic
structure of NASA also present in the Challenger
coming off the external tank ight after ight, and only
causing 2.5 cm pits and craters, were not a ight launch decision directly con icts with the intuitions of
safety issue. NASA engineers.
However, a briefcase-sized piece of foam that may It is important to point out that the likelihood of a
have contained a percentage of ice and/or ablator17 is successful rescue of the Columbia crew would have been
not what researchers and engineers had in mind when very small given that there was imagery or other
they declared foam shedding not to be a ight safety evidence that showed wing damage, of course. At the
issue. This large a foam shedding event was unprece- time of writing, three general scenarios have been
dented (cf. the three days of abnormal cold before the proposed (in order of increasing likelihood of success):
Challenger launch). Here, an anomalous event the (1) patching the wing breach with materials at hand
shedding of foam that regularly damages TPS tiles on (duct tape, bags lled with water, etc.) and attempting
each ight is not considered to be dangerous because re-entry; (2) jettisoning as much equipment as possible
orbiters are coming back unharmed. What was not and attempting a rendezvous with the Space Station; (3)
considered was the possibility of a larger or heavier (ice- rationing resources while waiting for the next orbiter in
line, Atlantis, to rescue the astronauts. Evaluating the
laden) piece of foam hitting the Shuttle in a particularly
vulnerable area like the leading wing edge. This is a probability of success for these scenarios could be a
classic example of Vaughan s normalization of de- research paper in itself, but a few points merit mention.
viance where an unpredicted anomaly becomes routine. Speci cally, each of these scenarios are mutually
exclusive in that an attempt at one scenario would not
4.3. Role of hierarchy in Columbia allow an attempt at another scenario. Patching a
B25 cm hole in zero-gravity and very cold temperatures
Hierarchy also seems to have played a role in the post- or a space-walk to estimate damages would use
launch process during the Columbia mission. Engineers resources too fast to attempt a rescue by another
in Florida were concerned that the debris that impacted orbiter. Jettisoning heavy equipment would probably
Columbia could have impacted near the landing gear involve throwing spacesuits and other materials out that
housing a particularly vulnerable part of the TPS. would have to be used to attempt to patch damage or
They thought if they could image the damaged area transfer crew-members to a rescue craft.
However, if data were available early in the Columbia
using ground-based telescopes or imaging satellites, they
could best be prepared for any abnormal landing mission that showed extensive damage, one could
conditions. If the wheel housings had been damaged, it imagine an Apollo 13-like stroke of technical and
was quite possible that only one or none of the landing logistical genius brought to bear on a rescue attempt
gear would be deployable upon landing. The engineers that would have probably involved the following in
were discussing what to do given abnormal landing gear gross detail:
deployment (see NASA [13]).
The preparations for the next orbiter launch, Atlantis,
Unfortunately, it appears that the upper management
could have been accelerated pushing the limits of
in NASA shut down the imaging request in the belief
safety and hopefully not causing another catastrophic
that the foam incident did not pose a ight safety
accident. Casual estimates fall in the range of four to
risk18 (see Readdy [14]) and because of questionable
six weeks until launch could have been possible. Note
that the cause of the Columbia damage would have
17
Ablator material is placed underneath the main fuel tank s layer of
been a launch consideration and any modi cation of
foam to provide lightweight protection against high temperatures. A
layer of ice may have formed between the layer of foam and ablator as the external tank foam application would have added
surrounding air and humidity was frozen due to the cryogenic
precious time to the launch schedule.
temperatures of liquid fuel. This ice could have been vaporized during
launch, causing ejection of the foam. This process is called,
popcorning .
18
(footnote continued)
An elementary calculation that NASA management should be
E pmv2 : One can ask, how massive would something have to be to
capable of can show that there was reason for concern. The foam
piece that impacted the orbiter was estimated to have a mass, m; of impart a similar amount of kinetic energy at a velocity of 15 kph
about 0.78 kg and traveling at a relative velocity, v; of 800 kph. The (typical of a fast bicycle). Equating the two energies yields a mass of
kinetic energy (energy of motion) of the foam piece would have been 2200 kg!
ARTICLE IN PRESS
J.L. Hall / Space Policy 19 (2003) 239 247
244
The Columbia crew would severely ration resources The management at NASA would rather not make
(food, water, air, etc.) such that they could survive decisions that would jeopardize their jobs. Further
the wait for Atlantis. A resupply of Columbia via complicating things, certain members of Congress
another launch vehicle could have been possible but it which is the regulatory oversight body for NASA have
is hard to imagine Columbia accepting provisions no desire to make decisions that would jeopardize the
without needing to open their airlock or burn NASA center in their district. Unfortunately, these are
calories. some of the hardest obstacles in the path of NASA s
Once Atlantis was successfully launched, it would organizational change.
need to rendezvous with Columbia at around There needs to be a mechanism for engineers to be
28,000 kph at a close distance of 10 m and a series able to bypass the bureaucracy and hierarchy, especially
of space walks would transfer the Columbia crew to in the pre-launch process. What would have been the
Atlantis. alternative if the engineers had succeeded in getting their
After successful transfer of the Columbia crew, point across in the case of Challenger? Probably
Atlantis would re-enter with a larger crew than Challenger would have had to been taken off of the
normal. launch pad and the SRBs disassembled to replace the
damaged O-rings. This would have been expensive
The relevant point here is that data about the state of but not nearly as costly as the loss of crew and
the orbiter are very important in the subsequent vehicle. As well, if an engineer has a special request
development of the mission and that these data were for a certain type of data, there should be a way to
speci cally considered to be irrelevant by upper manage- request exceptions to formal bureaucratic procedures to
ment. The CAIB has issued preliminary recommenda- focus on getting the data. Engineers have many
tions that address on-orbit and launch imaging as well intuitions and hunches that take time and resources to
as on-orbit repair ability. translate into analysis and data. These intuitions need to
be respected, given credence, explored and welcomed by
upper management.
5. Recommendations
5.2. Collaboration over contracting
What could NASA do differently to better avoid the
types of organizational failure typi ed by the two
Shuttle tragedies? NASA needs to take the traditional idea of con-
tracting out of Shuttle development and maintenance.
5.1. Flatten hierarchy As it stands now, contracts are awarded and technology
and/or services are delivered. Relationships between
The Apollo-era mission to the moon was a period of subsystem contractors and NASA entities should have a
signi cant, focused development in a mission-oriented very rich interface between them as opposed to
environment. The organizational and physical infra- production and delivery-oriented relationships. A prag-
structure of today s NASA is largely a result of this matically collaborative model of interaction between
period. A hierarchical, bureaucratic cadre of middle and NASA and private sector rms would bene t both sides
upper management is necessary for an organizational and foster learning by monitoring whereby all
thrust like that of Apollo. However, in NASA s current parties continue to grow and improve their product
environment, it would be practical to question these and processes through joint testing, simultaneous
relics of path dependence. engineering and development and root cause error
Speci cally, there is a large body of research detection and correction [19].
in organizational science about alternatives to hierarch- Interesting research in the biotechnology eld has
ical organizations and rms. There is work on suggested that networks of learning as opposed to
network organizations [15], creating organizational individual rms are important for innovation [20].
change [16,17] and organizing knowledge [18]. The Perhaps the key to innovation in Shuttle operations
network organization where the organization is and development is not found in single NASA
attened and assumes an organic structure with centers with their traditional and path dependent
collaborative linkages and dynamic exibility has specialties. Indeed, the networks of learning that
proved to be a good organizational structure in tie NASA centers, contractors, researchers and aca-
R&D environments like biotechnology and information demics are probably NASA s most valuable and under-
technology. utilized asset. Many good ideas lie within the NASA
There are impediments to this magnitude of change. network but, without interaction and encouragement,
The upper management and political regulators of most of them do not have a chance in the current
NASA have no interest in alternatives to hierarchy. structure.
ARTICLE IN PRESS
J.L. Hall / Space Policy 19-200*-***-***-***
5.3. Normalization of Deviance alarms and speci c working for one week to produce something meaningful
action because of poor data and unsupported assessment
needs.
The tendency for design deviance to be normalized in PRACA should not need a cluster of information
the current structure should not go unnoticed. Both the priests to be able to extract information from its ve
Challenger and Columbia tragedies occurred through databases and one paper source. It should be able to
exacerbation of known design defects. The frequency of facilitate meaningful, regular use by all levels of NASA
occurrence of deviant behavior in both cases was regular staff. Further, the current state of algorithmic sophis-
but poorly understood, researched and controlled and, tication in terms of search, trending and data mining is
in both cases, actually worsened with time. This suggests years ahead of what PRACA is capable of. PRACA
that there should be normalization of deviance alarms should be dynamic and responsive to user needs as well
or a task force that speci cally tracks deviant behavior. as connected to incentives to ensure a high-level of data
population. Further, methods of computer-aided assess-
When a subsystem shows signs of deviant behavior,
action should be taken and resources committed (in ment, trending and data quality assurance should be
order of time investment required) to: feasible. In general, following the recommendations of
the Korsmeyer et al. [22] pilot project assessment of
determine seriousness of second- and third-order
PRACA would be a substantial improvement. However,
implications19 and take proper action;
it is important for PRACA to be seen as a dynamic
nd out the root cause of the deviance;
information system, in the same manner that the Shuttle
explore parameter space to determine the target
is not an operational vehicle.
problem s response to swings in variables like
temperature, wind shear, humidity, etc.
6. Conclusion
Such normalization of deviance quality control
seems necessary as engineers often do not realize that a
The organizational failures highlighted by the Colum-
given anomaly has been effectively normalized. A
bia and Challenger tragedies show that NASA s human
discovery task force that had considerable latitude,
space ight program is broken. Sally Ride has been
analysis capabilities and the ability to allocate resources
quoted as saying that she hears echos of Challenger in
for expedited deviance research would be ideal. Infor-
the Columbia investigation.22 This is not mere coin-
mation technology could also be leveraged as part of the
cidence. As Dr. Diane Vaughan said at the beginning of
PRACA system (see below) so as to have alarms that go
her CAIB testimony, When you have problems that
off when tracking speci c systems.20
persist over time, in spite of the change in personnel, it
means that something systematic is going on in the
5.4. Improve PRACA
organizations where these people work. [7].
NASA is in desperate need of organizational change
The relevant section of the Space Shuttle Independent
to shake off the lingering remnants of path dependence
Assessment Team s (SIATs) report (p. 28 of SIAT [21])
left over from the days of Apollo. The entrenched
and the NASA Ames pilot project assessment [22]
bureaucracy inherited from the Apollo/Gemini pro-
concerning PRACA are quite revealing. These docu-
grams is far from ideal given the present environment.
ments show that the main piece of information
While such change will not happen overnight, it should
infrastructure that NASA uses for Space Shuttle risk
not take as long as the 17-year period between the
assessment, problem trending and reporting is woefully
Rogers Commission Report and Columbia. It is essential
out of date, cumbersome, complicated and inaccurate.
for NASA to be able to use its resources as ef ciently as
PRACA contains much of the institutional memory of
possible to effectively develop, explore and promote
the Space Shuttle program s operations and, as such,
space. The expense of an aging shuttle and a brand-new
can be a very powerful tool if used effectively.
space station that has questionable scienti c returns
Unfortunately, using PRACA effectively required a
have blunted NASA s blade. If the goal is to have an
team of 10 engineers and 3 quality inspectors 21
operational space transportation vehicle, then this needs
to be a design goal of a new vehicle much how
19
For example, foam shedding is a rst-order problem foam is
airplanes were initially brought into commercial service.
shedding when it is not supposed to. Foam damaging tiles is a second-
order problem foam that was not supposed to be shed in the rst If the goal is to be able to transport cargo to an LEO
place has caused spacecraft damage. The destruction of the Shuttle is a infrastructure, the design requirements are different. By
third-order problem.
having both such functions built into something like the
20
For example, there could be a deviance alarm that signals when
Space Shuttle, we are bound to come up with something
the Shuttle is in danger of going below its lower temperature threshold
of 1 C based upon weather data as part of launch preparation.
21 22
See p. 32 of SIAT [21]. See Vaughan CAIB testimony [7].
ARTICLE IN PRESS
J.L. Hall / Space Policy 19 (2003) 239 247
246
that is not quite a cargo hauler and not quite safe for If NASA cannot do these things, it may be time for a
human transportation. It would appear that the Shuttle stand-down in human space ight. Current resources
is such a vehicle. If the goal is to continue NASA s could be channeled to speci c technical activities in the
mission while minimizing failure, then it is on the brink pure sciences or in preparation for future human
of a signi cant and necessary period of organizational space ight endeavors. As it stands, the most costly part
change. of a space mission is in getting the mission payload into
In the current environment after a second major loss space. Breakthroughs in propulsion technology will not
of life and vehicle NASA is in a unique position to come easily at our current level of investment. Under
critically evaluate what organizational structure is such a human-space ight hiatus, resources could be
appropriate given its current environment and how to focused to further development of human-space ight
make it happen. The organizational failure exposed by technology or champion a Lewis and Clark-style
the Columbia and Challenger accidents and the discus- mission to Mars. Such a mission would employ a
sion developed in this paper point to two signi cant craft that would manufacture the fuel needed for the
but dif cult and complex facets of the current NASA return trip from what is available on the surface of
organization that will soon need direct consideration: Mars and cost roughly 6% of traditional Mars
architectures that require on-orbit construction of a
large craft [23].
Political and bureaucratic pressures: Drastically chan-
In fact, a crucial aspect of the current state of affairs
ging the organization of NASA in order to atten
has been left out of this discussion. That is, by
hierarchy and increase collaboration will be dif cult
consciously deciding to focus on LEO orbital infra-
for political and bureaucratic reasons. Members of
structure (the Shuttle and Space Station), much of the
Congress do not engender the support of their
excitement of the early space program has been lost.
constituents by facilitating the restructuring of
Presumably, we are past the exploratory stage of human
NASA and the NASA centers, especially when such
space ight and it is time to build. However, this author
action could mean unemployment or loss of technical
prestige. Career bureaucrats and the love handles 23 contends that, instead of risking human lives on the
Space Shuttle to launch groceriesy to the station,24
of NASA management will also not feel compelled to
the use of astronauts in risky situations should be
make decisions that mean the loss or reassignment of
reserved for pushing the limits of human space ight or
their own jobs or the increased costs of collaboration.
where there are no other reasonable alternatives.25 A
This segment of the NASA work force will argue
return to the Moon to establish a lunar base, telescope
vigorously that the system can be xed in its current
or 3H (tritium) processing facility26 or to Mars for
form and will speak about organizational-level
oposes recommendations for the future.
r 2003 Elsevier Ltd. All rights reserved.
Contact this candidate