Sen—Last year’s accident of the passenger spaceship being built for Virgin Galactic not only exposed what turned out to be an unfortunate and fatal misjudgment on the part of manufacturer Scaled Composites, but also a scism within the U.S. agency tasked with the dual and occasionally conflicting roles of protecting public safety and promoting the commercial spaceflight industry.
Scaled took the biggest hit in the National Transportation Safety Board's report about the Oct. 31, 2014, test flight of SpaceShipTwo over California’s Mojave Desert. The board, which released its final report last week, determined that Scaled was lured into a false sense of security in designing a system that was fatally vulnerable to a single pilot error.
During what turned out to be SpaceShipTwo’s final test flight, co-pilot Michael Alsbury, a highly experienced and well regarded Scaled test pilot, prematurely released the latching mechanism that held the spaceship’s moveable tail section back, before aerodynamic forces had built up to pin the so-called “feather” in place. As a result, the tail section pivoted too soon and the ship, with its rocket engine firing, was torn apart. Still in his seat, pilot Peter Siebold was throw clear of the debris and he managed to parachute to safety. Alsbury paid for his mistake with his life.
While laying blame for the accident firmly on Scaled, the NTSB also had sharp words for the Federal Aviation Administration’s Office of Commercial Space Transportation (AST), which had issued Scaled a permit for the test flights of SpaceShipTwo, still considered an experimental vehicle.
The distinction between “experimental” and “operational” vehicles is important. AST’s job was not to assess if SpaceShipTwo was safe to fly per se, but to determine, to the best of its ability given the experimental nature of the vehicle, that the flights posed an extremely low risk of causing harm to people and/or property not involved in the launch.
“Our authority … is really public safety … to protect the people not involved. So we only license and regulate to the extent necessary to ensure the safety of the people not involved. I think that’s very important,” Kenneth Wong, manager of AST’s Licensing and Evaluation Division, told the NTSB in January. A transcript of the interview was released on July 28 following the NTSB’s public hearing about the accident.
In addition to having two highly trained and experienced pilots flying SpaceShipTwo, Scaled fulfilled most of its public safety risk mitigation by operating the vehicle over remote, sparsely populated areas.
“At the time when the hazard is present—and it’s only relevant during the time when the hazard is present—if the vehicle is operating in the control area, where the population density is low, there’s a compelling argument to say that public safety is not significantly endangered by their willingness to operate at less than the state of the art,” former AST deputy associate administrator James Van Laak said in an interview with Sen.
“The problem is not that the FAA allowed them to fly with that single point of failure. The problem is that the office really, really wants to have industry happy that the FAA is not burdening them. That sensitivity created a bureaucratic mess where engineers couldn’t just call up someone and ask what was going on. They had to go through an internal process. But the decision to let Scaled fly did not endanger public safety in any meaningful way,” said Van Laak, who left his position at the FAA three years ago.
AST did determine that Scaled fell short of requirements to provide analysis of potential hazards due to human error and software errors. But in the end, the FAA closed the loop by issuing waivers for those reports. The waivers, initiated and approved by AST, remained part of Scaled’s experimental flight permit during subsequent renewal processes.
Not everyone in the Office of Commercial Space Transportation agreed with how SpaceShipTwo’s permits were handled.
“An experimental system is there to test the boundaries … But our job is to protect the general public. When we get information that points to a potential risk, understanding how that risk is manifesting itself and how the applicants go through their process to manage that risk or … how they're making sure that it doesn't happen is extremely important,” Thomas Martin, lead technical system safety engineer for the AST, told the NTSB.
“I reported to my management we do not have enough information that shows that they (Scaled) are compliant with the regulations; we should have never issued that permit. Either they need to write a waiver, or we need to make them … develop some more information and show us how they've met the requirements,” Martin said.
Martin told the NTSB, he got “pushback” from within the AST office. “The concern was that we were changing how we were evaluating (Scaled’s permit application) midstream. Several people in management felt like that was unfair,” Martin said.
His concerns escalated before SpaceShipTwo’s permit application was submitted for renewal a second time in 2014. Martin told the NTSB that Scaled had made some changes to the vehicle’s wing, in anticipation of installing helium tanks to try to compensate for motor instability.
“They had flown this without notifying the FAA. My management got comfortable with it because Scaled Composites came back and said they had done a lot of … drop testing with it and they had a lot of information to correlate the data,” Martin said.
After receiving its renewed permit, Scaled notified the FAA of another modification, sparking Martin’s concern that Scaled should also provide a hazard analysis of SpaceShipTwo’s structure. “Scaled was willing to do that, but my management didn’t feel it was necessary,” Martin said.
Martin, a former NASA systems engineer and mission operations director, told the NTSB that the FAA was making the same kind of mistakes and misjudgments that had led to the 2003 shuttle Columbia accident. A 2.5-pound piece of foam insulation fell off the shuttle’s fuel tank during launch and hit the ship’s wing, causing what turned out to be fatal damage. Sixteen days later, Columbia broke apart as it plowed through the atmosphere for landing, killing all seven astronauts aboard.
For years, NASA had known that the shuttles’ fuel tanks shed foam during launch and that occasionally the debris hit the ship. But managers considered the problem a maintenance issue that needed to be addressed between flights, not a hazard to the vehicles or its crews.
Underscoring the accident was NASA’s inability to recognize and mitigate risks associated with subtle technical changes in the shuttle over time caused by reuse, aging and long-term exposure to Florida’s humid, salty air.
Engineers, for example, failed to realize that the leading edges of the shuttles’ reinforced carbon-carbon wings had grown brittle over the years, making them vulnerable to strikes by something as a seemingly benign as a piece of lightweight foam.
Van Laak, a former NASA manager, said the pressure to meet flight schedules had made the shuttle program increasingly lax about resolving what were known as “inflight anomalies,” which are problems, or technical issues, that are outside of normal operational parameters.
“But I never would have chosen foam to the failure that was going to cause the accident,” he added.
Martin told the NTSB he warned AST managers that “if we don't change our approach, it's not a matter of 'if,' it’s a matter of 'when' something’s going to happen."
When the NTSB asked Martin if others at AST were concerned about approving Scaled’s permit he said, “I think everybody had a little apprehension … Everybody would say ‘Yeah, we know there’s a lot of risk, but,’—and this is a common statement—‘management wants us to issue the permit.’ In fact, when I brought up the waiver—this is really interesting because I had some experience at NASA with this—I was pulled in by one of the managers, a guy by the name of Glenn Rizner, and he told me specifically that (AST associate administrator) Dr. (George) Nield does not want you to raise that issue about the waiver.”
“I think everybody kind of agreed we weren't doing a complete job,” Martin told the NTSB.
AST declined an interview request.
“Over the next 90 days, we are currently reviewing the NTSB recommendations and preparing responses to the board's recommendations,” FAA spokesman Hank Price wrote in an email to Sen.
The office has been pulsing industry about possible safety regulations for space-faring passengers, a draft of which specifically states that there should be no single action that could result in a catastrophic event.
Under Scaled’s experimental permit, AST “had no legal means to look at Scaled and say ‘Hey, you need to fix that, or you need to mitigate that.’ Certainly, we couldn’t hold a launch or deny a permit based on that, because there really was no legal right to do so,” Henry Lampazzi, an aerospace engineer with AST’s Evaluation and Licensing division, told NTSB investigators.