PRA - Public's Risk Assessment on Safety

Derek Lyons wrote:

Yep, the ol' tunnel trio: Time, Distance, and Shielding



One can never drive the risk to zero since that would require n levels
of redundancy, n infinite. That's where "acceptable risk" comes in.
The definition of "acceptable risk" is of course quite subjective.



Yep. It's made worse when the perceived risk is driven by the
assumption that "routine" = "safe as a nursery school".



Or, in the case of Soviet submarines,"routine" = "as safe as a gulag"....

Pat

Pat Flannery wrote in
:

This is going to be a very difficult problem to solve...as it requires
NASA to analyze failure modes that only manifest themselves when a
perceived minor problem interacts with another perceived minor problem
in an unanticipated way- maybe there should be a separate entity inside
the agency, made up of top-quality engineers whose sole purpose is to
locate such possible interactions, and issue "No-flights-till-fixed"
orders when such a problem is found- to be effective, such a entity must
not be beholden to NASA management in any way, so that the "keep quiet,
and keep your job" mindset can be broken...if one were looking for some
engineers to staff such a NASA department...then the engineers who were
shooting those concerned e-mails back and forth about the damage to
Columbia from the foam strike would be a good place to start.

There is a danger from going too far the other way, however.

"Paralysis by analysis."

You can *always* find a reason not to fly. An organization so predisposed
will not fly.

--
JRF

Reply-to address spam-proofed - to reply by E-mail,
check "Organization" (I am not assimilated) and
think one step ahead of IBM.

(Derek Lyons) wrote in
:

"Jorge R. Frank" wrote:

An argument could be made that the fleet should have been grounded
after STS-112, when it was discovered that foam had been shed from the
ET bipod ramp (for the first time in over a decade, IIRC). This would
have required recognition of the foam-shedding as a safety-of-flight
issue rather than a maintenance issue. However, the shuttle program
faces thousands of maintenance issues all the time. How does a manager
pick the safety-of- flight "signal" out of the maintenance "noise"?

That's the part that perplexes me, and others as well. Given the
history of groundings in the last half decade, what made the foam
different?

I don't think there's a short answer to that. It's not like NASA didn't try
to solve the foam-shedding - they were periodically tweaking the foam
formulation and application processes. It may well have come down to "gut"
judgment: it's easy to see how cracked MPS flowliners, hydrogen leaks, and
frayed wiring can cause fatal accidents, so managers promptly grounded the
fleet after learning of each of these problems. But no one seemed to have
"connected the dots" that 1) if *part* of the ET bipod ramp can come off,
then *all* of it can come off - and that's a *lot* of foam; 2) if foam
comes off in supersonic flight, it will decelerate *very* rapidly and
potentially hit the orbiter *very* hard; and 3) a hard foam impact carries
enough kinetic energy to cause fatal damage to RCC.

I probably need to read _Normal Accidents_ some time; from other posts
I gather that it addresses some of these issues, so that I can stop
asking stupid questions.

It's a damm good read.

Thanks for the recommendation!

--
JRF

Reply-to address spam-proofed - to reply by E-mail,
check "Organization" (I am not assimilated) and
think one step ahead of IBM.

And arguably the same is true post SRB ignition for Columbia. Sure
there were possibilities, but none with significant and elevated risks
themselves. Worse yet, all of those hinge on early detection and
decisive action.
With regard to the in-flight decision-making, I agree with you.

Hmmm..the largest piece of foam ever seen, hitting the TPS in contrast to
the SRB for the previous flight, and potentially at a place for which no
data existed? At least, somebody should have said - in particular, given
the scant quantity and bad quality of tracking images - that there was
insufficient knowledge to _exclude_ a safety of flight issue.

Jan

Jorge R. Frank wrote:

There is a danger from going too far the other way, however.

"Paralysis by analysis."

You can *always* find a reason not to fly. An organization so predisposed
will not fly.



That's why I think that such a group should be made up of NASA veteran
engineers....they would have the best chance of being able to analyze
what constituted a real risk versus a simple annoying problem that could
be addressed when time and budget allowed; we have had two near fatal
single point problems regarding the Apollo spacecraft (Apollo 13's
oxygen tank rupture, and the leaking RCS propellants on the Apollo from
the ASTP leading to crew inhalation and failure of one of the three
landing parachutes... in both cases these were things that could not
have been foreseen before the launch....but in the case of Challenger,
the gas leakage on the SRB was foreseen by the engineers who tried to
have the launch stopped...only to be overruled by managment...in the
case of Columbia, the engineers were probably concerned about foam
shedding in regard to vehicle damage based on past experience; and very
concerned once they saw the foam impact during ascent...but again their
input (small that it was- they mainly talked among themselves about it;
and that is very troubling in itself, as it indicates that they were, in
their own opinion, outside the loop as to having real input into flight
decisions on-orbit) didn't change the mission's flight profile in
regards to trying to get a look at possible damage, or planning for a
possible abnormal reentry (not that either of these would probably had
any effect on the final outcome of the mission). The use of outside
contractors for Shuttle mission support and between-mission maintenance
makes the need for some sort of completely independent safety analysis
doubly important in my opinion, as the support companies have a vested
economic interest in maintaining a smooth flight schedule; both to avoid
being penalized for poor performance, and to maintain their contracts-
while receiving incentive rewards for on-time launches. This means that
they have a possible conflict of interest in regards to the safety of
launches, as it will be in their interest to regards to corporate
profits to assure that the vehicle flies on time every time....even when
there are possible flight safety concerns; whatever else one can say in
regards to Boeing's foam strike analyze of damage to the Columbia, the
simple fact remains that they were wrong....whatever else can say in
regards to Lockheed/Martin's external tank, the fact remains that it was
consistently shedding foam in larger or smaller pieces during virtually
all flights; which under NASA's own guidelines for Shuttle safety was an
unacceptable situation.
Anyway, the CAIB has just started giving its report, so I'll wait to
hear what they say.


Pat

"Jorge R. Frank" wrote:
There is a danger from going too far the other way, however.

"Paralysis by analysis."

You can *always* find a reason not to fly. An organization so predisposed
will not fly.

As a collory to this, I'd like to toss in an article of faith from the
Navy; "Any inspection can always find something f****d up, no matter
how competent the folks being inspected are".

We firmly believed that the inspections teams searched through obscure
regs and directives in order to have something, anything, to fry a
crew.

D.
--
The STS-107 Columbia Loss FAQ can be found
at the following URLs:

Text-Only Version:
http://www.io.com/~o_m/columbia_loss_faq.html

Enhanced HTML Version:
http://www.io.com/~o_m/columbia_loss_faq_x.html

Corrections, comments, and additions should be
e-mailed to , as well as posted to
sci.space.history and sci.space.shuttle for
discussion.