How the Space Shuttle program nearly ended in disaster
- The explosion of the Challenger put NASA on notice that the Space Shuttle program was far less safe than they had believed.
- On just the second flight after Challenger, the shuttle Atlantis sustained significant damage. The mission commander recalls that he believed the crew would die.
- If things had gone a bit differently, NASA’s continuing safety problems would likely have ended the Space Shuttle program in 1988.
The explosion of the Space Shuttle Challenger on live TV in 1986 was a punch to the gut of America’s confidence in NASA and its shuttle program. Flights were paused for more than two years to conduct reviews and make internal changes. After launches resumed in 1988, no further lives were lost for nearly 15 years, a streak that ended in 2003 with the destruction of Columbia upon atmospheric re-entry.
However, an event in just the second shuttle mission after the Challenger disaster calls into question whether this series of 81 consecutive successful flights was the result of NASA stepping up its game, or just dumb luck.
In the aftermath of Challenger, famed physicist Richard Feynman took apart NASA’s safety calculations. Feynman noted that NASA management believed — or claimed to believe — that the risk of loss for any single shuttle flight was roughly 1-in-100,000, or 0.001%. This was a preposterously low estimate. The official report on the disaster contains a number of demonstrations of overconfidence much like this one. For instance, no crew escape option was provided after the test flight series, because NASA concluded that “after the test flights, all unknowns would be resolved, and the vehicle would be certified for ‘operational’ flights.”
The real dangers of space shuttles
Feynman reviewed the safety procedures, test results, measurements, and calculations by engineers working for NASA and its contractors. According to the physicist, these suggested that multiple systems would have failure rates of perhaps 1-in-50 at worst, or 1-in-500 at best — a range of roughly 0.2% to 2%. Some of these failures were fatal, while others were not. Feynman synthesized this information through a series of smart estimates and logical deductions. He calculated the real chance of losing a shuttle flight as being on the order of 1%, specifying that it would be hard to be more accurate.
As was often the case, Feynman’s calculations turned out to be correct. Of course, he also had several good sources telling him this should be so. The thinking was not hard, but the bureaucracy bungled it.
Thirty months elapsed between the Challenger accident on the 25th Shuttle flight and the next flight, in 1988. That mission, STS-26, was flown by the shuttle Discovery. It had some issues with thermal insulation tiles, but returned safely with no major incidents. Three months later, Atlantis flew the next mission.
The events of STS-27 are recalled by the mission commander, Robert Gibson. During takeoff, the right-side solid rocket booster — the thin white rocket attached to the giant orange external fuel tank — shed a piece of insulation. This chunk of foam smashed into the underside of the ascending shuttle, gouging some 700 of its heatshield tiles and knocking one of them completely off. This was by far the worst heatshield damage that a shuttle had experienced up to that time, and it would remain so until the shuttle Columbia’s ill-fated STS-107 mission.
Aboard Atlantis the astronauts had no clue what had happened until mission control asked them to inspect the ship with a camera mounted on the shuttle’s robotic arm. The live feed terrified the commander. As Gibson recalls, “I will never forget … We first brought up the [camera] and I said to myself, ‘we are gonna die.’” He immediately asked ground control to review the damage.
The shuttle was carrying a classified Department of Defense payload, however, and the mission security procedures forbade transmission of images or video to ground control. An agreement was struck with DoD to beam down a low-speed encrypted video, showing only the underside of the craft. The limited technology of the time produced a grainy, nearly incomprehensible image at the receiving end. The call came back to the ship: no problem. The ground team had interpreted the damage as lights and shadows in the lousy video. Atlantis carried out its mission as planned and prepared for re-entry.
During the landing, Commander Gibson rehearsed in his head the events that would occur should the heatshield damage lead to penetration of the vehicle. The drag on the right side would go up as atmospheric friction with the damaged wing increased. The ship’s computer would fight this by adjusting the trim on the flaps, requiring more and more adjustment until it could no longer stop the ship from losing control. Gibson knew that if the flap correction went far enough, the crew would be doomed. These events bear an eerie similarity to the reconstruction of Columbia’s last moments, 15 years later. Gibson’s crewmate Mike Mullane recalled that the commander told him to relax: “no reason to die all tensed up.”
Living with the risks
These worries came to nought, and the craft landed successfully. Once on the ground, the crew, along with NASA engineers and officials, inspected the ship and saw the extent of the damage. The metal of the ship was partially melted at the location of the missing tile. Fortunately, this area of the craft had a steel plate covering the underlying aluminum. The plate bought time as it melted away more slowly. The shuttle was able to complete re-entry before the aluminum could burn fully through and set off events that would have destroyed the ship. In retrospect, it was clear that the damage had been very serious, that the shuttle was in danger, and that the video encryption had placed security above safety in a potentially life-or-death situation.
Heatshield damage on takeoff persisted as an intermittent problem throughout the duration of the Space Shuttle program. A similar failure is what destroyed Columbia during STS-107, when a piece of foam broke off during takeoff and impacted the shuttle heatshield in a less lucky spot. It also proved Feynman right: Two losses out of 135 missions is roughly a 1.5% failure rate. STS-27 suggests that this total could have been higher still: Three losses would have been a 2.2% failure.
Despite this near-miss, NASA continued to fly shuttle missions and live with the risks. Just like the famous failure to properly address compromised O-rings doomed Challenger, the failure to address heatshield damage from falling foam chunks eventually doomed Columbia.