This document summarizes investigations into two space shuttle disasters - the Columbia disaster of 2003 and the Challenger disaster of 1986. For both accidents, the initial investigations focused only on technical causes but later independent investigations took a broader view, examining organizational and human factors. The Columbia Accident Investigation Board determined that organizational issues within NASA, like budget cuts and scheduling pressures, contributed to NASA's failure to address known risks from foam shedding. The Rogers Commission also identified organizational failures, finding that NASA managers disregarded engineering concerns about low temperatures affecting the O-rings. Both accidents highlight the importance of considering multiple causal factors beyond just technical issues.
2. SPACE SHUTTLE
COLUMBIA DISASTER
On the 1st February 2003 A critical
systems failure occurred on the
space shuttle Columbia (STS - 107) on
its re – entry to the earth’s
atmosphere.
This caused the disintegration of the
shuttle leading to the death of all
seven crew members.
STS-107 flight insignia
4. NASA’S INITIAL
INVESTIGATION
The Columbia re-entry data showed that there was a loss of
temperature sensors and of hydraulic systems in the left
wing, indicating severe over heating.
Image of shuttle taken during re-entry shows
damage to the left wing’s leading edge
5. This initial data focused the investigation on the possibility
of a a foam strike.
This is when foam from the shuttle’s largest
component, the external tank, sheds and
collides with other areas of the or shuttle
during launch.
External Tank
The theory that is was a foam strike
was compounded by the fact that
foam sheading was a know problem
that had damaged previous orbiters
Columbia launch
6. FOCUS OF
INVESTIGATION
The investigation focused entirely on the technical causes of
the accident.
No formal model was used in the investigation.
No attempted was made to investiigate the human
and organizational cause of the accident.
7. RESULT OF
INVESTIGATION
It was conclude that the damage was
due to the foam sheading of the least
left bi-pod ramp causing a breach in the
reinforced carbon – carbon panels in
the left wing.
Left bi-pod ramp
The result of this was to retrain
employees at the assembly facility to
apply foam without defects.
THIS WAS THE INCORRECT
CAUSE
8. Technical causes
Root cause
Shuttle
Bi-pod
Foam overheats
damages left
applied dues to RCC
wing on
incorrectly damage on
launch
re-entry
9. COLUMBIAN ACCIDENT
INVESTIGATION BOARD
This was an independent investigation board. The board
analyzed the accident in more robustly.
Took into account technical cause, human cause and
organizational cause.
Investigation made use of effective modeling
approaches.
Came to a different conclusion.
(Board, Columbia Accident Investigation, 2003)
10. FOCUS OF
INVESTIGATION
Technical
Carried out test to confirm that foam could have caused
damage to the RCC panels on the left wing. Used
compressed air gun to fire foam at wing leading edge.
Conducted further research into
the fitting of the foam concluded
that due to the technical and
organizational controls in place
the fault could not have occurred
there.
Compressed air gun
used to fire the foam.
11. Organizational
Several faults with NASA as an organization contributed to
the accident.
NASA’s reluctance to curb operational ambition in line their
shirking budget meant that greater efficiency had to be
achieved. This caused the schedule to be tightened; as a
result the workloads and the stress of the staff increased.
NASA budget
as percentage
of federal
budget
12. NASA was also found to have inadequate decision making
and risk-assessment processes.
NASA management knew about the foam sheading problem
for over 22 years before the accident occurred.
The failure to correct the problem was due to conflict
interests of managing positions. The managers not
only had to ensure safety but they also had to make
sure the launch was on schedule and in budget.
13. MODELING USED IN
THE INVESTIGATION
Investigation used fault trees to model the accident.
A graphical representation of
all the events that could lead to a
system failure.
Each element in a fault tree represents a factor: technical,
human or organizing that could cause the element immediately
above it to fail.
This is ideal for modeling complex socio-technical systems, as
you can clearly see the chain of events that could lead to a
catastrophic system failure.
It is an effective tool for finding the correct chain of events
through a process of elimination.
15. RESULT OF
INVESTIGATION
Organizational Technical causes
causes
NASA Left foam bi-
Management pod collides
Nasa’s Shuttle over Shuttle
failed to act with RCC
budget is cut heats disintegration
on known panels on
problem wing
16. ACADEMIC
LITERATURE
Studying organisational cultures and their effects on safety
(Hopkins, 2006)
Beyond Normal Accidents and High Reliability Organizations: The Need for an
Alternative Approach to Safety in Complex Systems
( Marais, Dulac, & Leveson, 2004)
Both agree that a major factor contributing towards the accident was NASA
organizational culture.
A Framework for Dynamic Safety and Risk Management Modeling in Complex
Engineering Systems
(Dulac, 2007)
Takes it a step further and analyzes NASA using STAMP modeling
the paper finds that STAMP is ideally sited with its control framework to
model every aspect of NASA: social, organizational, technical and how they
interact.
17. CHALLENGER
DISASTER
On January 28, 1986
the space shuttle
Challenger (STS-51-L)
broke apart in flight,
minutes after take off,
killing all of its 7 crew
members.
STS-51-L flight insignia
18. INVESTIGATION INTO THE ACCIDENT
Above image shows the Challenger disintegrating 73 seconds after launch
19. ROGERS COMMISSION
(PRESIDENTIAL COMMISSION on the Space Shuttle Challenger Accident,
1986)
Presidential Commission on the
Space Shuttle Challenger Accident
was an independent investigation
into the accident.
Solid Rocket booster
The investigation found that the
right solid rocket booster become
separated, causing damage to the
external tank. This led to the
destruction of the shuttle by
aerodynamic forces.
20. The investigation found that the O-ring joint failure was the
cause of the accident.
The O-ring sealed a joint connecting
the solid rocket booster to the main part
of the shuttle
Both the primary and secondary O-rings failed, allowing
heated gases and flames to escape and make contact with
the external tank, causing a structural failure.
21. FOCUS OF
INVESTIGATION
Technical
The O-ring joint was know to be inadequate and was in the
process of being redesigned. It was found that in pervious
flights O-ring erosion had occurred which rendered the
secondary O-ring useless.
Organizational
On the day of launch engineers were concerned that the
temperature was too low to launch(-2.2C lowest launch
temperature recorded) and that there was to much ice on the
shuttle. O-rings would not perform correctly at this
temperature.
NASA management was told of this issue but it was deemed an
acceptable risk and the launch went ahead.
22. RESULT OF
INVESTIGATION
Technical concerns- the sold rocket boosters were
redesigned.
Organizational concerns- A new safety office was
created to allow better communication
and risk assessment.
Cause
Ice conditions not
Root assessed
correctly Organizational
O-ring failure
Shuttle
caused rocket
disintegrated
booster to detach
Design flaw in O-
rings Technical
23. ACADEMIC
LITERATURE
Understanding the Challenger Disaster: Organizational
Structure and the Design of Reliable Systems
(Heimann, 1993)
A critical analysis of factors related to decisional processes
involved in the challenger disaster
(Gouran , Hirokawa,, & Martz, 1986)
These papers both focus on the decision making
process at NASA and why it how this process can be
made more robust.
24. REFERENCES
Marais, K., Dulac, N., & Leveson, N. (2004). Beyond Normal Accidents and High Reliability
Organizations: The Need for an Alternative Approach to Safety in Complex Systems.
Cambridge.
Board, Columbia Accident Investigation. (2003). Columbia Accident Investigation Board Vol 1.
Washington, D.C: Columbia Accident Investigation Board.
Dulac, N. (2007). A Framework for Dynamic Safety and Risk Management Modeling in Complex
Engineering Systems. Cambridge: MIT.
Gouran , D. S., Hirokawa,, R. Y., & Martz, A. E. (1986). A critical analysis of factors related to
decisional processes involved in the challenger disaster. Central States Speech Journal , 37.
Heimann, C. F. (1993). Understanding the Challenger Disaster: Organizational Structure and
the Design of Reliable Systems. The American Political Science Review , 87, 421-435.
Hopkins, A. (2006, December). Studying organisational cultures and their effects on safety.
Safety Science , 44, pp. 875-889.
Keong, T. H. (1997, July 9). Risk Analysis Methodologies. Retrieved June 8, 2012, from
pacific.net.sg: http://home1.pacific.net.sg/~thk/risk.html
PRESIDENTIAL COMMISSION on the Space Shuttle Challenger Accident. (1986). Report of the
PRESIDENTIAL COMMISSION on the Space Shuttle Challenger Accident. Washington, D.C.:
PRESIDENTIAL COMMISSION on the Space Shuttle Challenger Accident.