Add to collection(s) Add to saved
  1. Business
  2. Management

Challenger Accident updated Jun 09

advertisement 
“engineers and managers together developed
a definition of the situation that allowed them to
carry on as if nothing was wrong when they
continually faced evidence that something was
wrong.”
Challenger Accident
or
what you think you know can still hurt you
-Much of what you
think you know about
Challenger is wrong
since it is strongly
influenced by hindsight
--The big challenge in
accident investigations
is overcoming “How
could they have been
so careless/stupid”
type thinking, which
seriously degrades our
ability to learn useful
information
CAPT RT Soule
Supervisor of Shipbuilding
Newport News
Outline
•
•
•
•
•
•
•
•
•
NASA Shuttle Organization
What We Think We Know
Why Most Accident Investigations Get “it” Wrong
Flight Readiness Reviews
Brief History of Solid Rocket Boosters (SRBs)
One Explanation: Normalization of Deviance
SRB Specific Case
Eve of the Launch
Premise of the book is that individual behavior
Conclusions
cannot be understood without considering its
organizational and environmental context.
References
• Report of the Presidential Commission on the
Space Shuttle Challenger Accident
• The Challenger Launch Decision: Risky
Technology, Culture, and Deviance at NASA,
Diane Vaughan
• http://www.fas.org/spp/51L.html
• http://ethics.tamu.edu/ethics/shuttle/shuttle1.htm
• Just Culture, Sidney Dekker
• Tenerife Air Disaster, Karl Weick
NASA Shuttle Organization
• Johnson Space Center, Houston TX
– Orbiter management
• Marshall Space Flight Center, Huntsville AL
– Propulsion system (Main Eng, External Tnk, SRBs)
• Kennedy Space Center, Cape Canaveral FL
– Assembling components, launch
• Morton Thiokol Wasatch, Brigham City UT
– SRB Prime Contractor
What We Think We Know
• NASA compromised safety for cost and
schedule
• NASA pressured Morton Thiokol to launch
• NASA ignored the O-ring risk
• Accident cause was O-ring failure
complicated by bad weather
Getting it Wrong
To understand failure
• Don’t ask
– Where did they mess up?
– Why didn’t they notice what we find important
now?
• The real question is
– Why did it make sense for them to do what
they did? Otherwise, if they knew what you
know after the fact, they would not have done
what they did.
Getting it Wrong (cont’d)
• We want to find a cause
“If there is no...cause, then the world is a more
disordered and dangerous place Accident
reports, and much of the history we write,
struggle to hold that nightmare at bay”
(Galison,2000,p.32)
Flight Readiness Review
Mission Management Team
Level 1
Flight Readiness Review (FRR)
Level 2
Pre-Flight Readiness Review
Level 3
Marshall Space
Flight Center
FRR
Level 4
Kennedy Space Center Launch
Readiness Review
Main Engine Contractor
Solid Rocket Booster Cr
External Tank Contractor
Johnson Space Center
Orbiter Contractor
Shuttle Processing Contractor
System Integration Contractor
Risk Management
• Risk cannot be eliminated, must be
managed
• NASA Acceptable Risk Process
– Formal, technical, layered review
• Flight Readiness Review
– Show shuttle ready to fly and fly safely
– Delta Review Concept
History of the SRBs
• Designed by MT,
based on Titan III
• Differed fm Titan III
– Segment
sealing method
– Higher
combustion
pressure
– Reusable
Joint Rotation
• Tendency to bend
open
• Joint deviated from
industry std
• More tests
necessary to show
risk acceptable
History of the SRBs
SRB
Assembly
Normalization of Deviance
• Production of Culture
• Culture of Production
• Limited Knowledge
Production of Culture
• Work Group Culture
• How Culture Is Produced
– Language used
– Types of meetings, formal rules
– Tests and analyses
– Schedule procedures
– Complex problems
Culture of Production
• Production mentality -> get the job done
• Need to maintain shuttle launch schedule
• Pressure not to delay launch
Limited Knowledge
• Built-in impediments to knowledge flow
– patterns of information
– organizational structure, processes
• Impact
– mixed, weak, routine signals
– unequal information
SRB Specific Case of
Normalization of Deviance
• Re-defined deviation as acceptable
– Danger signals
– Official recognition of increased risk
– Evidence review
– Risk acceptance (not joint redesign)
– Launch
Eve of the Launch – 26 Jan
•
•
•
•
Launch date slipped from 22 Jan to 26 Jan
Launch postponed to 27 Jan – bad wx
Launch postponed to 28 Jan – mech probs
1300 27 Jan
– NASA asked MT to review effect of cold on
SRM performance
• 1530 EST MT O-ring task forces meets in
UT
Eve of the Launch – 27 Jan
• 1745-1830, Telcon 1
– MT Engineers recommend delaying launch
• 2045-2315, Telcon 2
– MT tried to prove launch risk not acceptable
< 53 F
– NASA challenged
– MT management decision
– MT recommends launch
Eve of the Launch – 28 Jan
• 0130 – Temp 29 F
– Ice inspection
– Rockwell asked about impact of ice on Orbiter
• 0700, 0830 – Two more ice inspections
• 0900 – Final NASA – Contractor mtg to
assess readiness
• 1030-1055 – Final ice inspection, Temp
36F
Teleconference Participants
Morton
Thiokol
Kennedy
Space
Center
Marshall
Space
Flight
Center
Eve of the Launch
• 1745-1830, Telcon 1
–
–
–
–
MT Engineers recommend delaying launch
Thiokol too no official position
Connection bad, not all people could hear
45 min, unstructured data discussion
• There were no documents to lead or follow the discussion
– Agreed to a follow up telcon using FRR format
– Key Question: If primary O-ring did not seal, would
sec O-ring seal before resiliency became more
significant?
Eve of the Launch
• Between Conferences
– Not everyone in the East was available
– Thiokol engineers working on Rec’s/Concl’s did not
have access to all charts
• 2045-2315, Telcon 2
– MT tried to prove launch risk not acceptable < 53 F
– NASA managers felt correlation of joint failure with
temperature was not proven by Thiokol
– MT management risk decision
– MT recommends launch
Eve of the Launch (just included to capture
extra notes)
• Between Conferences
– Not everyone in the East was available
– Thiokol engineers working on Rec’s/Concl’s did not
have access to all charts
• 2045-2315, Telcon 2
– MT tried to prove launch risk not acceptable < 53 F
– NASA managers felt correlation of joint failure with
temperature was not proven by Thiokol
– MT management risk decision
– MT recommends launch
Post Accident Temperature Analysis
3
STS-51-C
Number of Incidents
61A
2
41B
41D
41C
1
61C
0
50
55
60
STS-2
65
70
Calculated Joint Temperature, Degrees F
75
80
Post Accident Temperature Analysis
3
STS-51-C
Number of Incidents
61A
2
41B
41D
41C
1
61C
STS-2
Flts with
no
incidents
0
50
55
60
65
70
Calculated Joint Temperature, Degrees F
75
80
Eve of the Launch – 28 Jan
Eve of the Launch – 28 Jan
• 1125 – Terminal
countdown
• 1138 – STS 51 – L
launched, Temp 36 F
• T + 73 sec – Fireball
erupted
Summary
• On Navy ships, shipyards, Rx Depts, there is
always pressure to produce
• Even processes designed to make us safer can
lead us astray (if we don’t use them well)
• Failure does not strike like bolt from the blue
…(there are signs, but you must know where to
look)
• There are no simple fixes …(but there are things
that can make us safer)
Summary
• Signs that failure may be near:
– You are in a hurry (behind schedule or near the end of
shift)
– You want something very badly (or expect something)
– You rushed through the brief (or did not do one)
– You don’t know what to expect after you act
– You are preoccupied
– No one disagrees with you (or asks any questions at
a brief)
– You are doing something for the first time/infrequently
– Something does not “feel” right
Summary
• Things that can make us safer:
– Welcome disagreement
– Speak up when you have a question or don’t
understand, you may be the only one who
sees “the problem”
– Spend more time thinking about what could
go wrong, how you would know, and what you
could do about it
– Learn to trust your sense that it’s not right
For Further Study
• http://rtsoule.squarespace.com/filestorage-area/carl-vinson/
• http://www.fas.org/spp/51L.html
• http://ethics.tamu.edu/ethics/shuttle/shuttle
1.htm
• http://onlineethics.org/CMS/profpractice/pp
essays/thiokolshuttle/shuttle_post.aspx
• http://onlineethics.org/CMS/profpractice/ex
empindex/RB-intro/Erosion.aspx
Further Reading
• Challenger Launch Decision, Vaughan
• Dekker: Ten Questions, Just Culture
• Managing the Unexpected, Weick, Sutcliff
Backup Slides
Mission
STS-2
Nov 81
Danger
Signal
STS-41B
Feb 84
STS-41D
Aug 84
STS-51C
Jan 85
Erosion 1°
of
erosion,
Primary 2 joints
1° Blow
by
Blow by 2°
reached eroded,
2°
1° failed
Recogniti
on
Only MT
Started
and Mrshll tracking
Engrs
officially
Reviewed
at all levels
of FRR
Major
review Feb
85, all FRR
Launch
Constraint
Imposed
Review
Calcs
Low temps
before
launch
1° out of
position,
tests, calcs
Acceptan
ce
Altered
Erosion
installation acceptable,
process
redund not
impacted
Performed
as
predicted
Low temps
rare, blow
by within
experience
base
Altered
installation
process to
seal Orings better
Launch
STS-3
Nov 82
STS-41G
STS-51E
STS-51F
Self-limiting Blow by
small, self
limiting
STS-41C
Apr 84
STS-51B
Apr 85
Related documents
HTS 2084
HTS 2084
10-pageBusinessPlanTemplate_002
10-pageBusinessPlanTemplate_002
Tom Bobich - Summary with Targets
Tom Bobich - Summary with Targets
Space Shuttle Speed vs Time Time
Space Shuttle Speed vs Time Time
Picture Your Strategy
Picture Your Strategy
10-pageBusinessPlanTemplate_003
10-pageBusinessPlanTemplate_003
Photos: Scale Launch (1/17/10)
Photos: Scale Launch (1/17/10)
Some common marketing terms
Some common marketing terms
Download
advertisement