StudyDaddy English thoughtful analysis demonstrate your depth of knowledge and thinking of the Challenger Disaster Page 1 of Topic Paper: The philosophy-module instructor presented material related to Impediments to Res

thoughtful analysis demonstrate your depth of knowledge and thinking of the Challenger Disaster Page 1 of Topic Paper: The philosophy-module instructor presented material related to Impediments to Res


The Space Shuttle Challenger Disaster 1


thoughtful analysis demonstrate your depth of knowledge and thinking of the Challenger Disaster Page 1 of Topic Paper: The philosophy-module instructor presented material related to Impediments to Res 1


Let us apply the discussion of engineering as social experimentation to the explosion of the space shuttle Challenger, and by extension the space shuttle Columbia. The Columbia and its sister ships, Challenger, Discovery, and, Endeavour were delta-wing graft with a huge payload bay (Figure 4-1). Early, sleek designs had to be abandoned to satisfy U.S. Air Force requirements when the Air Force was ordered to use the National Aeronautics and Space Administration (NASA) shuttle instead of its own expendable rockets for launching satellites and other missions. As shown in Figure 4-2, each orbiter has three main engines fueled by several million pounds of liquid hydrogen; the fuel is carried in an immense, external, divided fuel tank, which is jettisoned when empty. During liftoff the main engines fire for approximately

8.5 minutes, although during the first 2 minutes of the launch much of the thrust is provided by two booster rockets. These are of the solid-fuel type, each burning a one million-pound load of a mixture of aluminum, potassium chloride, and iron oxide.

The casing of each booster rocket is approximately 150 feet long and 12 feet in diameter. It consists of cylindrical segments that are assembled at the launch site. The four field joints use seals composed of pairs of O-rings made of vulcanized rubber. The O-rings work in conjunction with a putty barrier of zinc chromide.

The shuttle flights were successful, although not as frequent as had been hoped. NASA tried hard to portray the shuttle program as an operational system that could pay for itself. But aerospace engineers intimately involved in designing, manufacturing, assembling, testing, and operating the shuttle still regarded it as an experimental undertaking in 1986. These engineers were employees of manufacturers, such as Rockwell International (orbiter and main rocket) and Morton-Thiokol (booster rockets), or they worked for NASA at one of its several centers: Marshall Space Flight

Center, Huntsville, Alabama (responsible for the propulsion system); Kennedy Space Center, Cape Kennedy, Florida (launch operations); Johnson Space Center, Houston, Texas (flight control); and the office of the chief engineer, Washington, D.C. (overall responsibility for safety, among other duties).

After embarrassing delays, Challenger's first flight for 1986 was set for Tuesday morning, January 28. But Allan J. McDonald, who represented Morton-Thiokol at Cape Kennedy, was worried about the freezing temperatures predicted for the night. As his company's director of the solid-rocket booster project, he knew of difficulties that had been experienced with the field joints on a previous cold-weather launch when the temperature had been mild compared to what was forecast. He therefore arranged a teleconference so that NASA engineers could confer with Morton- Thiokol engineers at their plant in Utah.

Arnold Thompson and Roger Boisjoly, two seal experts at Morton-Thiokol, explained to their own colleagues and managers , as well as the NASA representatives how on launch the booster rocket walls bulge, and the combustion gases can blow past one or even both of the O-rings that make up the field joints (see Figure 4-2). The rings char and erode, as had been observed on many previous flights. In cold weather the problem is aggravated because the rings and the putty packing are less pliable then. But only limited consideration was given to the past history of O-ring damage in terms of temperature. Consideration of the entire launch temperature history indicates that the probability of O-ring distress is increased to almost a certainty if the temperature of the joint is less than 65o F.

The engineering managers, Bob Lund (vice president of engineering) and Joe Kilminster (vice president for booster rockets), agreed that there was a problem with safety. The team from Marshall Space Flight Center was incredulous. Because the specifications called for an operating temperature of the solid fuel prior to combustion of 40o F to 90o F, one could surely allow lower or higher outdoor temperatures, notwithstanding Boisjoly's testimony and recommendation that no launch should occur at less than 53oF. They were clearly annoyed at facing yet another postponement.

Top executives of Morton-Thiokol were also sitting in on the teleconference. Their concern was the image of the company, which was in the process of negotiating a renewal of the booster ' rocket contract with NASA. During a recess Senior Vice President Jerry Mason turned to Bob Lund and told him “to take off your engineering hat and put on your management hat.” It was a subsequent vote (of the managers only) that produced the company's official finding that the seals could not be shown to be unsafe. The engineers' judgment was not considered sufficiently weighty. At Cape Kennedy, Allan McDonald refused to sign the formal recommendation to launch; Joe Kilminster had to. Accounts of the Challenger disaster tell of the cold Tuesday morning, the high seas that forced the recovery ships to seek coastal shelter, the ice at the launch site, and the concern expressed by Rockwell engineers that the ice might shatter and hit the orbiter or rocket casings. The inability of these engineers to prove that the liftoff would be unsafe was taken by NASA as an approval by Rockwell to launch.

The countdown ended at 11:38 am. The temperature had risen to 36o F. As the rockets carrying Challenger rose from the ground, cameras recorded puffs of smoke that emanated from one of the field joints on the right booster rocket. Soon these turned into a flame that hit the external fuel tank and a strut holding the booster rocket. The hydrogen in the tank caught fire, the booster rocket broke loose, smashed into Challenger's wing, then into the external fuel tank. At 76 seconds into the flight, by the time Challenger and its rockets had reached 50,000 feet, it was totally engulfed in a fireball. The crew cabin separated and fell into the ocean, killing all aboard:

Mission Commander Francis (Dick) Scobee; Pilot Michael Smith; Mission Specialists Gregory

Jarvis, Ronald McNair, Ellison Onizuka, Judith Resnik; and teacher in space “Christa

MacAuliffe.”

Why safe operation of the space shuttle was not stressed more? First of all, we must remember that the shuttle program was indeed still a truly experimental and research undertaking. Next, it is quite clear that the members of the crews knew that they were embarking on dangerous missions. But it has also been revealed that the Challenger astronauts were not informed of particular problems such as the field joints. They were not asked for their consent to be launched under circumstances that experienced engineers had claimed to be unsafe and without any safe escape mechanism (safe exit) available should things go wrong.

The reason for the rather cavalier attitude toward safety is revealed in the way NASA assessed the system's reliability. For instance, recovered booster rocket casings had indicated that the field-joint seals had been damaged in many of the earlier flights. The waivers necessary to proceed with launches had become mere gestures.

Richard Feynman made the following observations as a member of the Presidential Commission on the Space Shuttle Challenger Accident (called the Rogers Commission after its chairman): “I read all of these (NASA flight readiness) reviews and they agonize whether they can go even though they had some blow-by in the seal or they had a cracked blade in the pump of one of the engines . . . and they decide “yes.” Then it flies and nothing happens. Then it is suggested . . . that the risk is no longer so high. For the next flight we can lower our standards a little bit because we got away with it last time . . . It is a kind of Russian roulette.”

Since the early days of unmanned space flight, approximately 1 in every 25 solid-fuel rocket boosters failed. Given improvements over the years, Feynman thought that 1 in every 50 to 100 might be a reasonable estimate now. Yet NASA counted on only one crash in every 100,000 launches.

Another area of concern was NASA's unwillingness to wait out risky weather. When serving as weather observer, astronaut John Young was dismayed to find his recommendations to postpone launches disregarded several times. Things had not changed much by March 26, 1987, when NASA ignored its devices monitoring electric storm conditions, launched a Navy communications satellite atop an Atlas-Centaur rocket, and had to destroy the $160 million system when it veered off course after being hit by lightning. The monitors had been installed after a similar event involving an Apollo command module eighteen years before had nearly aborted a trip to the moon.

Veteran astronauts were also dismayed at NASA management's decision to land at Cape Kennedy as often as possible despite its unfavorable landing conditions, including strong crosswinds and changeable weather. The alternative, Edwards Air Force Base in California, is a better landing place but necessitates a piggyback ride for the shuttle on a Boeing 747 home to Florida. This costs time and money.

In 1982 Albert Flores had conducted a study of safety concerns at the Johnson Space Center. He found its engineers to be strongly committed to safety in all aspects of design. When they were asked how managers might further improve safety awareness, there were few concrete suggestions but many comments on how safety concerns were ignored or negatively affected by management. One engineer was quoted as saying, "A small amount of professional safety effort and upper management support can cause a quantum safety improvement with little expense.” This points to the important role of management in building a strong sense of responsibility for safety first and schedules second. The space shuttle's field joints are designated criticality 1, which means there is no backup. Therefore a leaky field joint will result in failure of the mission and loss of life. There are 200 items of criticality 1 on the shuttle. A problem with any one of them should have been cause enough to do more than just launch more shuttles without modification while working on a better system. Improved seal designs had already been developed, but the new rockets would not have been ready for some time. In the meantime, the old booster rockets should have been recalled.

In several respects the ethical issues in the Challenger case resemble those of other such cases.

Concern for safety gave way to institutional posturing. Danger signals did not go beyond Morton-Thiokol and Marshall space Flight center in the challenger case. No effective recall was instituted. There were concerned engineers who spoke out, but ultimately they felt it only proper to submit to management decisions.

One notable aspect of the Challenger case is the late-hour teleconference that Allan McDonald had arranged from the challenger launch site to get knowledgeable engineers to discuss the seal problem from a technical viewpoint. This tense conference did not involve lengthy discussions of ethics, but it revealed the virtues (or lack thereof) that allow us to distinguish between the ”right stuff ” and the “ wrong stuff”. This is well described by one aerospace engineer as arrogance, specifically, “The arrogance that prompts higher-level decision makers to pretend that factors other than engineering judgment should influence flight safety decisions and, more important, the arrogance that rationalizes overruling the engineering judgment of engineers close to the problem by those whose expertise is naive and superficial by comparison." Included, surely, is the arrogance of those who reversed NASAs (paraphrased) motto "Don’t fly if it cannot be shown to be safe" to "Fly unless it can be shown not to be safe.”

In a speech to engineering students at the Massachusetts Institute of Technology a year after the Challenger disaster, Roger Boisjoly said: "I have been asked by some if I would testify again if I knew in advance of the potential consequences to me and my career. My answer is always an immediate yes. I couldn't live with any self-respect if I tailored my actions based on potential personal consequences as a result of my honorable actions.”


thoughtful analysis demonstrate your depth of knowledge and thinking of the Challenger Disaster Page 1 of Topic Paper: The philosophy-module instructor presented material related to Impediments to Res 2

Have a similar question?

Continue to edit or attach image(s).

  • Fast and convenient

    Fast and convenient

    Simply post your question and get it answered by professional tutor within 30 minutes. It's as simple as that!

  • Any topic, any difficulty

    Any topic, any difficulty

    We've got thousands of tutors in different areas of study who are willing to help you with any kind of academic assignment, be it a math homework or an article.

  • 100% Satisfied Students

    100% Satisfied Students

    Join 3,4 million+ members who are already getting homework help from StudyDaddy!