Organizing space – The big picture IAASS By T. Sgobba

International Association for the Advancement of Space Safety
Government regulations, prescriptive requirements and obsolescence risk
Prescriptive requirements not suitable for fast evolving industry
A prescriptive requirement is an explicit design requirement or technical solution for an
implicit safety goal. Use of prescriptive requirements is an old-fashioned way to pursue safety. The
modern approach revolves around building “safety cases”.
In the early hours of 15 April 1912, the RMS Titanic struck an iceberg on her maiden voyage from
Southampton, England, to New York, USA and sank. A total of 1,517 people died in the disaster
because there were not enough lifeboats available; however, the ship was fully compliant with the
requirements of the time.
Alexander Carlisle, one of the managing directors of the shipyard that built the Titanic, had suggested
some minor modifications to give Titanic the potential of carrying 48 lifeboats, providing more than
enough seats for everybody on board. But in a cost cutting exercise, the customer (White Star Line)
decided that only 20 would be carried aboard thus providing lifeboat capacity for only about 50% of
the passengers on the maiden voyage. This decision was in line with the Board of Trade regulations
of the time, which stated that all British vessels over 10,000 tons had to carry 16 lifeboats. The
regulations were clearly out of date in an era where the size of ships had reached up to 45,000 tons.
There are three major elements in the definition of what is a “standard”: a) being something
universally and widely agreed, b) being the minimum acceptable, and c) being approved and
monitored for compliance by an authoritative organization.
Often it is considered that universal agreement can be reached only as a result of long and successful
application of a technical practice, which is then “promoted” to the level of standard. Traditionally,
safety (technical) standards are not just the enunciation of generic theoretical principles or goals, but
they include and often mandate specific design solutions. In other words, traditionally, safety
regulations and standards tend to be detailed and prescriptive. The aim is to ensure effectiveness and
prevent circumvention by avoiding any subjective interpretation in the implementation and
compliance verification. The violation of a requirement can then be unequivocally determined by
inspection (and prosecuted).
The vast majority of standards in use in aviation, for example, are the result of accumulated
experience (i.e. accidents and incidents) and steady technological evolution in the post-war period.
They are detailed according to type and prescriptive.
In contrast there are industries in which building on experience is simply not possible, because the
system is completely new, highly safety-critical and/or extremely expensive.
The safety-case regime
The safety-case regime recognizes that the regulatory authority has the role and responsibility to
define the “safety goals and objectives”, while the developer/operator must be in charge of proposing
valid detailed technical solutions, due to its in-depth knowledge of the system design and operations.
The implementation of a safety-case based regulatory regime has a number of important
consequences. One is that both the design team and the safety certification team must have a deep
knowledge of how the system works in order to understand the relevant hazards and the soundness of
the design controls selected to mitigate the risks. In principle the safety certification team should be
even more knowledgeable and experienced than the design team.
As a consequence, a certification team is better composed of independent experts, engineers and
scientists drawn from industry than of government bureaucrats. Otherwise it would lead to extensive
duplication and continuous maintenance of technical resources and means comparable to those
available in industry.
While the self-regulatory scheme of Classification Societies in maritime business was born from the
early need to provide support to insurance companies by assessing and mitigating constructional risks,
the self-regulatory approach proposed by IAASS for commercial human spaceflight is justified by the
unavoidable evolution of standards for a highly-advanced and fast-evolving industry, from being
prescriptive and static to being generic, goal-oriented and dynamic.
Lessons learned from deep water oil drilling
Deep water oil drilling is a high-tech industry. “Everyone thought that exploring the deep sea would be as
exciting as a trip into outer space. The reality, though, was different. Compared to conditions in the deep
sea, flying to the moon looked easy” (Klaus Wallmann, head of the Marine Geosystems Research Unit,
Leibniz Institute of Marine Sciences, Kiel, Germany).
Gulf of Mexico – 20 April 2010
“The gas and oil industry must move towards developing a notion of safety as a collective responsibility.
Industry should establish a “Safety Institute” …this would be an industry created, self-policing entity,
aimed at developing, adopting, and enforcing standards of excellence to ensure continuous
improvement in safety and operational integrity offshore” (US Presidential Commission on Deepwater
Horizon Disaster)
Re-entry breakup basics
• Space systems in LEO reenter naturally at very shallow angle (<1
• Location of uncontrolled reentries is
• Major breakup at ~78 km
• 10 to 40% of mass survives reentry and impacts the Earth’s surface posing hazard to people and property (e.g. of the ATV-1 mass of 12.3 tons about 3.5 tons in 183 fragments survived re-entry, 28.4% of mass)
• Debris spread over long, thin ground footprint (e.g. for ATV ~ 817km by
[Figure labels: Saudi Arabia, 2001; Texas, 1997; Brazil, 2012; Mongolia, 2010; South Africa, 2000. Mass labels: 30 kg, 250 kg, 250 kg, 250 kg]
Risk for aviation
Casualty expectation for people in commercial aircraft exposed to the risk of falling fragments after Shuttle Columbia disintegration was 0.3
On average >27 fragments from random re-entry exceed specified limit for aircraft in hazard area
The core area of Europe has one of the highest air traffic density in the
On Sunday 15 November 2011, in the middle of the Russian Phobos-Grunt uncontrolled re-entry window, the EUROCONTROL Network Management Operations Centre received an international NOTAM from Russian authorities, requesting European States to close their airspace for two hours
Closing the European airspace for 2 hours could cost up to 20 million euros
The US Federal Aviation Administration (FAA) Office of Commercial Space
Transportation (AST) and the US Department of Defence co-sponsored the
development of Aircraft Vulnerability Models (AVMs) to quantify the areas
of aircraft susceptible to catastrophic or emergency outcome (e.g. fuselage
penetration, fuel tank rupture) following impact with falling space debris. A
fragment > 300gm is generally considered catastrophic.
Localizing the footprint
Length of predicted impact zone depends on observation altitude
Most accurate prediction for observation at primary breakup altitude
On average, first fragment reaches the airspace (i.e. 18km) ~10 minutes
after breakup
Last fragment reaches ground ~26 minutes after breakup
Re-entry Direct Broadcasting Alert System
The Re-entry Direct Broadcasting Alert System (R-DBAS) works as a “smart fragment”
which can autonomously determine its own position during re-entry, and which knows its
relative location in the projected hazard area (footprint probability box), which has been
pre-computed on ground.
The R-DBAS allows related alerts to be broadcast directly to potential users
within the time falling fragments take to reach
altitudes used by aviation or to reach Earth surface.
R-DBAS: Receiver-display unit
The Receiver-Display unit will receive in real-time the hazard area geographical
coordinates and display them as a simple alphanumeric message on a computer screen or
digital mobile phone, or against a map backdrop. The Receiver-Display unit may be
integrated or adapted to existing computer and display systems, and include user’s GPS
location to track user’s relative position with reference to hazard area.
The Receiver-Display unit can be carried or
installed on airplanes, ships, boats, offshore
platforms, ground vehicles, on personal and
mobile communication devices, and on
centralized computer systems. By receiving
the alert notification, collision avoidance or
escape maneuvers may be performed or
the user may need to take shelter.
Space and aviation: more and more intertwined
Commercial aerospaceports: becoming a reality
Classification Societies… all started over a cup of coffee
In the second half of 18th century, marine insurers, based at Lloyd's coffee house in London,
developed a system and established a committee for the independent inspection of the hull and
equipment of ships presented to them for insurance cover.
The condition of each ship was “classified” on an annual basis according to the excellence of its
construction and its perceived continuing soundness (or otherwise).
In 1828 Bureau Veritas was established as classification society, followed by the Lloyd's Register of
British and Foreign Shipping as a self-standing classification society, and by other societies (RINA,
ABS, DNV, ClassNK, etc.).
Classification Society activities
Promotion of safety of life, property and the environment
Develop technical standards (rules) for design and construction of ships
Approve designs against their standards
Conduct surveys during construction to verify that the ship is built in accordance with the approved
design and to the requirements of the Rules
Act as a Recognised Organization carrying out statutory surveys & certification as delegated by
maritime administrations
Regulations for in-service inspection and periodic survey during operation
Research and development programs
Support international organizations (IMO, ISO, IACS, etc.)
Involved in all stages throughout the life of a ship: design, construction and in-service. Assessment of
changes resulting from modification, repair, degradation, etc.
Classification Society statutory role and interfaces
Many national administrations have opted to take advantage of Classification Societies experience by
signing formal delegation agreements with one or more of them (for example Canada signed with
Germanischer Lloyd, American Bureau of Shipping, Bureau Veritas, Det Norske Veritas and Lloyd’s
The rules published by Classification Societies, together with the requirements set down in the various
International Conventions of the International Maritime Organisation (IMO) and the marine legislation
of the flag states, form a comprehensive and coherent set of standards for design, construction and
maintenance in operation of ships.
IAASS proposal to organize space
Five points:
I. Extend the ICAO mandate to space (up to geosynchronous orbits) to cover civil/commercial space traffic control (launch/re-entry and on-orbit), space environment protection, and for integration of air/space traffic management.
II. The “extended ICAO” would then promote the development of a set of interoperability rules between civil/commercial and military space situational awareness and traffic control
III. Extend the ICAO mandate to include the issuing of safety rules for commercial spaceports and aerospaceports systems, facilities and operations
IV. Extend the ICAO mandate to include the issuing of Safety Management System (SMS) rules for operators, and to promote an industry driven self-regulatory regime for the safety certification of commercial human spaceflight systems (similar to “Classification Societies”), and for flight personnel training and certification
V. Consistently with the “extended ICAO”, enlarge scope and mandate of national space licensing authorities (e.g. FAA-AST)