back to article 40 years ago, classified Shuttle mission foreshadowed Challenger's fatal flaw

It has been 40 years since NASA launched the first dedicated Department of Defense Space Shuttle mission, after which engineers spotted O-ring seal defficiencies that would doom Challenger a year later. The five crew members launched on the three-day jaunt to space and back – aboard Space Shuttle Discovery – on January 24, …

  1. John Robson Silver badge
    Unhappy

    Most significant

    "The erosion was the most significant observed by the Space Shuttle program up to that point"

    The previous blow through of the primary ring should have been enough warning, it's not as if the two o rings could possibly have had different failure modes.

    1. simonlb Silver badge
      FAIL

      Re: Most significant

      What staggers me is that they thought having just two o-rings on each joint was sufficient. Knowing the forces and temperatures at work here - Yes, this IS rocket science - three should have been the bare minimum, as in terms of cost, what value do you attribute to a couple of SRB's when compared to the overall cost of an orbiter, it's crew and the payload?

      1. Adam Foxton

        Re: Most significant

        Three? Not at all. They should have had four! No, they should have had SIXTY.

        Two is fine. Nothing should get past the one O-ring. Choose the right O-ring and use it within spec and it'll generally be fine, with the second being a backup in case it isn't. The problem comes when you compromise both simultaneously- three O-rings wouldn't have helped if they were all too cold (as with this and Challenger).

      2. The Man Who Fell To Earth Silver badge
        Mushroom

        Re: Most significant

        They should not have been segmented at all. The original spec didn't allow segmented boosters, and the boosters were to be made in Florida near the Cape. But the Senator from Utah during the Shuttle design phase (either Bennett or Moss, I don't recall) wanted them built in Utah by Thiokol. To do that, they'd have to be segmented to fit on rail cars.

        Years later, Utah Senator Orrin Hatch ensured that the Space Launch System (SLS) rocket would use the solid boosters from the Space Shuttle, again so they'd be made in Utah.

        The Challenger disaster is due to politicians dictating the designs of space ships. Do stupid things, get stupid results.

        1. TReko Silver badge

          F-35 is also designed by politicians

          If you think the solid rocket boosters are bad then spare a thought for the $1 Trillion F-35 fighter jet programme.

          Components are made by lobbying companies in all 50 states.

          1. Kev99 Silver badge

            Re: F-35 is also designed by politicians

            And why there are three version is beyond logic. During The War the Marines and Nave both used the same F4U Corsair, F4F Wildcat, and F6F Hellcat. The Navy And Army Air Forces used the same PB/B-17, P2B Superfortress, PB4Y/B-24 Liberator, R4D/C-47 Skytrain, etc. Build it carrier use and have the landing hooks removed for the Air Force. Last I hear, Devil Dogs need to qualify for carrier operations.

      3. Phil O'Sophical Silver badge

        Re: Most significant

        three should have been the bare minimum

        Adding additional seals would have either put them closer together, or increased the length of the joint. Both options would have changed the joint's characteristics and could have introduced new and different weaknesses or failure modes. There's no guarantee that the results would have been better.

      4. David Taylor 1

        Re: Most significant

        The problem was the design of the joint meant that O-rings weren't a suitable way to seal it at all.

        Due to combustion pressure and the effects of wind shear, the booster could flex, causing the tang/clevis joint to bend and creating a gap between the O-ring and the surfaces it was supposed to seal.

        The cold reduced the ability of the O-ring to re-expand when the clamping force was removed as a result of that bending, eroding the safety margin to zero.

        1. IvyKing Bronze badge

          Re: Most significant

          The book "The Challenger Launch Decision" mentions that the O-rings did re-seat after lift-off but turbulence from high altitude wind shear caused the to unseat again. If it wasn't for that wind shear, the launch would have been another near miss.

          The book also mentioned that the team did a plot of air temperature at launch versus O-ring damage with the result that no obvious trend was noted. The fatal flaw of that plot was it only covered launches with ambient temperatures of less than 70ºF, where plotting all of the data showed no damage when ambient temperature was above 70ºF.

          As for the non-segmented booster proposal, I would wonder about how they could pull off making the casting of the solid fuel grain.

          1. Not Yb Bronze badge

            Re: Most significant

            Looked into it a bit. It wasn't so much "it can't be filled", but instead that "The strength of the case was found inadequate for the prelaunch bending moment loads and was not designed with an adequate safety factor for water impact loads". Reference: Development of the Space Shuttle, Heppenheimer, pp 71-78

            Maybe if Aerojet had done a bit more design work?

            1. IvyKing Bronze badge

              Re: Most significant

              I will have to see if I can find a copy Heppenheimer's book.

              Having seen some of the processes used to make a large solid rocket motor, the facility for placing the fuel in a single piece case would be quite an undertaking. The process consists of first applying an insulating layer to the inside of the case, then apply the bond liner to the insulation, waiting for the liner to cure "just enough", which then leaves a few hour time span to cast the fuel in the casing There would also be a need for a test site that was accessible by barge as the SRB would likely have been too big to transport by rail. The Thiokol site near Promontory provides the necessary separation from populated areas.

              One comment I heard about the shuttle SRB's was that Thiokol did a good job of timing the burning of the fuel between the two SRB's. This was from someone who had experience in the hydraulics for gimbals on rocket engines starting with the Atlas missile.

      5. jdiebdhidbsusbvwbsidnsoskebid Silver badge

        Re: Most significant

        The two o rings aren't meant to be a backup for each other. Two o rings spreads the joint load and helps make it more stable against be doing forces.

        At the time, NASA management knew of the o ring erosion problem but since no o ring had ever eroded completely through, they considered it an engineering margin that was more than sufficient. The actual engineers saw it differently and viewed any o ring erosion as a failure and knew that there was a fundamental flaw that wouldn't have been solved with more o rings.

        1. Pascal Monett Silver badge

          Interesting point.

          Goes to show that armchair engineers are about as useful as armchair generals.

        2. awavey

          Re: Most significant

          Then I'd recommend reading the Rogers Commission report that goes into the full technical detail of the design of the primary and secondary o rings and note that the design for the secondary o ring was always for redundancy of the primary.

      6. Philo T Farnsworth Silver badge

        Yes, this IS rocket science

        As I recall, the loss of the Challenger was some combination of engineering failures, hubris, and politics.

        The engineering failures are well documented, as is the hubris (we got lucky before, we'll get lucky again).

        As for the politics, recall that this was the flight of the "Teacher in Space1" and the launch was to roughly coincide with Ronald Reagan's 1986 State of the Union address2 later that same day. Whether anyone would admit it or not, there was a lot of pressure to get that spacecraft into orbit.

        I recall driving in to work that morning, while listening to the radio3 coverage, thinking "they're trying awfully hard4 to get this thing off the ground" and that something's going to go badly wrong. About the time I got to my office with my first cup of coffee, they certainly had.

        Note that I'm not particularly blaming the Reagan Administration for the pressure. It's just human nature to want to impress (or curry favor with) the boss, make the boss happy, and allow theboss to point with pride at accomplishments of subordinates. It just shows what happens whey you let that impulse take over.

        _______________

        1 Teacher in Space Project

        2 1986 State of the Union Address

        3 Ask your grandparents.

        4 "My God, Thiokol," he said. "When do you want me to launch — next April?"

        1. Benegesserict Cumbersomberbatch Silver badge

          Re: Yes, this IS rocket science

          There was a launch window 2 days earlier that was scrubbed because of a weather forecast indicating risk of storms. When the time came, there was actually good weather.

  2. A Non e-mouse Silver badge

    From the early days of the Shuttle program, the o-rings were being damaged. After every flight, they took the attitude "We didn't loose the shuttle, so it's OK". They became immune to the damage, not realising that damage to the o-rings signified fundamental problems.

    Even after Challenger they decided not to fix the underlying problem, they just managed it.

  3. Bubba Von Braun

    Truth, Lies and O-Rings..

    If you're interested in a great read, check out Alan McDonald's book "Truth, Lies, and O-Rings." Alan McDonald was the Thiokol manager at Cape Canaveral who refused to sign off on the launch of STS-51L due to significant safety concerns. He played a crucial role as a whistleblower to the Rogers Commission, highlighting critical issues. His work on the Space Shuttle's return to flight, including his hands-on inspection inside a loaded Solid Rocket Motor (SRM) to examine the field joints, is particularly chilling.

    Despite his efforts, similar issues persisted by the time of the Columbia disaster, characterized by poor management and the disregard of engineers' concerns.

    The book also covers the redesign of the field joint, which now includes heaters and other enhancements to prevent the joint from separating under load. The problem wasn't just the cold O-ring; it was also the splaying of the field joint, which the O-rings were supposed to seal. This issue was exacerbated by a dangerous complacency from previous successful flights, leading to a disregard of the real risks involved.

    BvB

    1. TReko Silver badge

      Re: Truth, Lies and O-Rings..

      Richard Feynman's appendix to the Challenger explosion report has a probably the best summary of this:

      "For a successful technology, reality must take precedence over public

      relations, for nature cannot be fooled."

      1. Antron Argaiv Silver badge

        Re: Truth, Lies and O-Rings..

        Murphy said it first:

        "If anything can go wrong, it will, and at the worst possible moment."

        I leave politics to the politicians, but they need to leave engineering to the engineers.

  4. Jou (Mxyzptlk) Silver badge

    So that year before mission was lucky!

    Just because the penetration and hot gas exit was in another direction...

    Another one for the list of "near misses".

    1. Excused Boots Silver badge

      Re: So that year before mission was lucky!

      As I understand it, and please someone correct me if I’m wrong, an O ring on the booster failed allowing hot gas to escape and melt through a lower support strut holding the SRB to the external tank, the booster then pivoted inwards, impacting and rupturing the ET releasing the propellant and hence……

      Hypothetically, if the O ring had failed at a different point and the gas had escaped ‘outwards’ and not impinged on anything critical, they were what, 30-40 seconds from SRB burnout and separation, would the vehicle have survived?

      And if it did, would that have been a sufficient wake up call to seriously think about what they are doing and work to mitigate the obvious issue?

      1. Boris the Cockroach Silver badge

        Re: So that year before mission was lucky!

        Not really.

        If you read the accounts, the damaged SRB was losing chamber pressure and thrust as the burn through grew in size to the point where the shuttles flight computer was having to gimbal the engines to compensate for the loss of thrust.

        give it another 20 seconds or so of flight and the engines would have reached the limit of gimballing and would not have been able to keep the shuttle on its flight path.... not to mention the risk of total failure of thrust on that SRB.... at which point the shuttle would start to spin as theres no way to shut off the other SRB until it burns out

        And then the range safety office would have pressed the FTS button and ended the flight.

        Should have gone with the original design.. which fitted with 2 liquid fueled boosters.......... but the SRBs were cheaper

        1. Dav_Daddy

          Re: So that year before mission was lucky!

          If that would have happened they would have ejected the boosters and aborted the flight. Every time the shuttle launched they had abort runways standing by in either Europe, Africa or both depending on what orbit they were trying to reach and at what point in the launch the abort happened.

        2. Chris 239

          Re: So that year before mission was lucky!

          Don't be daft ,they would never have hit the FTS button for a crewed vehicle! Remember the SRBs actually survived the explosion of the external tank and only got destroyed by Range Safety around 25 seconds later once it was clear the vehicle and crew were lost.

          The shuttle and the external tank did not have an FTS and the FTSes on the SRBs were only for use after separation.

          But I think it's highly likely that the external tank and even the shuttle itself would have broken up when it started spinning so I think you are probably correct it would not have made much difference had the SRB burn thru happened away from the strut.

        3. Alan Brown Silver badge

          Re: So that year before mission was lucky!

          The SRBs were an interim solution whilst liquid fuelled boosters were developed

          The liquid fuelled boosters were cancelled by politicians on "cost grounds" because the SRBs existed

          NASA has always been a political football and the American political system is deeply corrupt, despite all the propaganda to the contrary

  5. rjsmall

    Ellison Onizuka

    Ellison Onizuka then had the misfortune to be on the Challenger mission that was lost. These stories demonstrate how what was portraited as a routine and safe launch vehicle was anything but.

    Into the Black by Rowland White covers this and is a good read.

  6. 4mula1

    Both STS-51-C and the ill fated STS-51-L had Ellison Onizuka on board. Made me pause for a moment seeing his name connected to this flight.

  7. robert lindsay
    Flame

    Tufte book covers this

    https://www.edwardtufte.com/book/the-visual-display-of-quantitative-information/

    It uses the actual viewgraphs made for the presentation on the launch/no launch discussion

    1. IvyKing Bronze badge

      Re: Tufte book covers this

      Basic mistake in the viewgraphs was not showing ALL of the data. Tufte came to mind when I first read about that "oopsie".

  8. Kev99 Silver badge

    What were the O rings made of? Was there any lubricant applied to them during installation? Were they adequately inspected before & after each launch looking for wear & tear?

  9. CorwinX

    If I may say IMHO there's too much over-engineering here

    The Appolo missions got to the moon with someting akin to a pocket calculator.

    The shuttles flew with vastly less tech than your average mobile phone.

    If you're going to strap someone on top of a rocket the most important thing is the KISS principle.

    Don't make it clever - make it work simply and safely as best you can.

    1. Antron Argaiv Silver badge

      Re: If I may say IMHO there's too much over-engineering here

      The Apollo missions were riding on a knife edge as well, based on what I read in the astronauts' books.

    2. Bubba Von Braun

      Re: If I may say IMHO there's too much over-engineering here

      As maybe the case less compute power than your iPhone. But substantially more complex, a 4 way computer complex voting on results in real-time, and then if they could agree the 5th backup with an entirely separate software load developed by a different team. Oh in the early days all done in assembler if memory serves me well 3-4Million lines.

      The software on the Apollo fight computers is a work of art, written defensively, even when overloaded it elegantly shed load and restarted. Margret Hamilton and the team at Draper Labs set a very high standard

      1. Chris 239

        Re: If I may say IMHO there's too much over-engineering here

        A standard many seem to be unable to match since even in the aerospace field as far as I can see.

        By way of evidence:

        The Boeing MCAS disaster,

        the first Ariane 5 flight

        the Boeing Starliner fiasco

  10. anonymous boring coward Silver badge

    Never stop not learning...

  11. goblinski

    I am appalled that no one - then or now - gave NASA credit for having been the proto-disruptors: going slow and breaking things.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like