Spaceflight fatalities, could anything have been done

STS-107 had a trajectory of 170 by 177 nmi at 39.0 degrees inclination. The ISS is at 262 x 265 nmi at an orbital inclination of 51.7 degrees. Just the change in inclination and raising of the orbit would require delta-v ~500 m/s notwithstanding the difference in the arguments of longitude and periapsis between -107 and the ISS. The Shuttle Orbital Maneuvering System provides around 300 m/s of delta-v total, some of which is used to enter and circularize the orbit. Columbia, by virtue of the somewhat heavier structure, was unable to even achieve the orbit of the ISS, which was placed in such a high inclination to make it accessible by Soyuz and Proton vehicles launched from Baikonur.

In a pinch, astronauts could don their ACES suits and use the rescuing vehicle’s Canadarm to transfer between vehicles. The transfer would have to be quick as the ACES has only a very minimal built-in life support (as it is intended only to be worn during ascent and reentry, with air and temperature conditioning provided by the Orbiter’s systems in the case that pressure containment is lost) but it had been considered for contingency use on emergency EVAs.


No. The ISS is in a significantly more inclined orbit than ordinary shuttle missions, and it’s really, really hard to change inclination of an orbit. As in, the easiest way to do it involves a flyby of the Moon. If you weren’t deliberately planning to be in an ISS orbit, you can’t get there.

Stranger: guess you get corrected twice in one thread. Not only was there a rough plan that would have let NASA rescue the crew, there’s no discussion of what other vehicles were available.

Did the Russians have an ISS resupply vehicle that could be rushed to launch?
The basic idea is you’d put a resupply spacecraft with a depressurized cargo trunk as close to the open doors of the Columbia as possible. This would be done via remote control from the ground. The spacecraft would be loaded with consumables.

One of the crew of the Columbia would have to do a spacewalk to recover the cargo. The problem with this plan is that I don’t know what you could launch to extend the lifespan of Columbia’s power systems. More water/oxygen/food/CO2 scrubbing cartridges all sound doable, but if you lose power you’re sunk. You could pack batteries and a soldering iron and do some kind of jury-rigged repair in orbit, perhaps.

I’m more familiar with the Apollo era and in reading a lot of the astronaut biographies they expressed the feeling that they’d be safer trying to ride out a Saturn problem rather than trigger the launch escape system which they were pretty sure would kill them.

In general, I think part of the problem with Monday morning quarterbacking space flights, at least in my opinion, is no course of action is safe. There’s risk in offloading propellants, there’s risk of damage while standing down, there’s risk that next time some other system will be not quite right.
There’s a passage in Apollo: Race to the Moon talking about Walter Kapryan deciding whether to launch Apollo 13:

So he goes and launches a vehicle that gets hit by lightning twice within a couple minutes of launch. If it weren’t for John Aaron there would have been a very scary abort. And they sent the crew to the moon anyway.

For that matter take the Saturn V. Its second flight had the worst pogo ever and three independent engines failed. So for the next flight they put guys on top of it for the first time and sent them to orbit the moon.

Those were huge risks. And if the risks hadn’t paid off, then there would no doubt be people posting on message boards today about how reckless NASA was then. And there’d be some truth to it.

But it’s easy for reckless to become bold when the risk pays off.

I don’t know that ignoring the risk of o-ring failure was so much a lie as just complacency and reliance on an intuitive feel for what seems okay versus hard analysis. Certainly the fact that any major flaw would require a costly (and likely unacceptable) redesign may have played a part in shaping that view, but the reality is that NASA was given the mandate to build a new and very different type of launch system, and somehow make the design essentially flawless on the first try. This didn’t happen with the Saturn V (which experienced several potentially destructive POGO events) or the Apollo CSM (Apollo I capsule fire, Apollo XIII LOX tank explosion), and that was a much more conventional and inherently robust system. The STS was complex (needlessly so as driven by requirements levied upon it) and the resulting design was inherently flawed in ways that were only partially understood during development. The omission of some kind of crew escape system, for instance, was driven by the fact that even the best proposed design reduced payload capability to unacceptable levels. However, coupled with solid propellant rocket boosters which ensured that there were no abort modes prior to booster separation meant that the crew was at risk for a large portion of ascent. That is an unavoidable artifact of the design and it would require a radical redesign to fix. Properly, the STS should have been a testbed for a follow-on vehicle which addressed all of the shortfalls and technical limitations imposed by conceptual design and then-available materials and tools. However, despite decades of studies, proposals, and even subscale development efforts, NASA was never granted the budget or mandate to develop a new type crewed launch system until after the failure of STS-107 and the Constellation program and now the SLS, which have returned to a more conventional capsule design.

I absolutely agree that knowingly operating the vehicle outside of the qualification range is a terrible idea, even if you have flight experience there unless you can analytically show margin and correlate it with measured data. However, just because the design is qualified doesn’t mean it won’t fail. Industry standard qualification such as MIL-STD-1540 is a good guideline for evaluating the robustness of the components and apply conservative margins, but at some point you can’t achieve flight-like conditions without actually flying, and you don’t get to test with margin in flight. And while this problem (the SRB o-ring blowby and erosion) was fixable, the cost and schedule impact of doing so was prohibitive in the pre-Challenger failure environment. It’s nice to be able to sit back and say what should have happened or that all known risks should be eliminated, but the reality is that almost every complex launch vehicle flies with risks that are above the design baseline risk. That is just the consequence of complexity combined with an inherent lack of tolerance for even small failures and the inability to provide fully redundant systems.

Incidentally, the technical managers who worked on the STS development estimated that a catastrophic failure would occur between 1:50 and 1:100 launches. The actual failure rate was 2:135, which places it right in the middle. On the other hand, the STS launch management team estimated much lower failure rates, typically somewhere between 1:1,000 and 1:100,000. The one-to-three order of magnitude difference in predicted reliability demonstrates the difference in outlook between designers and operators; the designers knew how marginal many aspects of the STS were, but the operators’ very livelihoods relied upon an unrealistically high rate of success. When considering how someone evaluates the probability of failure, it is important to understand not just the ‘hard’ reliability numbers (which almost never exist in any verifiable form) but also the perspectives of the people making the evaluation.

The Ares I and Ares V were originally expected to achieve “3 sigma” (99.73%) reliability. Setting aside that blindly applying a reliability number based upon an unknown standard deviation on an unknowable statistical distribution is pretty much meaningless, demonstrating a success rate of no more than three failures in a thousand attempts for something as complex and non-redundant as a launch vehicle is statistically impossible, requiring component reliability estimates with exponents only an astrophysicist could love. With the SLS the requirement was backed off to 99% reliability, which is still astonishingly high for a new type launch vehicle which will only have one uncrewed flight before certification. By a first order Bayesian estimate of mean predicted reliability (a standard estimation method that fits the empirical launch data reasonably well) 98 flights with no failures or the equivalent at nominal conditions would be required before predicting a 99% reliability. The “baseline risk” of failure for a rocket launch system, in which there are many unavoidable single failure points that can cause an unrecoverable catastrophic failure even within the qualification baseline and with all practical safety and quality measures implemented, is just innately high.

The normal turnaround time is about 10 weeks with a double shift and some staggered parallel activities. If NASA and USA had started just after the launch and worked three shift rotations it just may have been possible, provided that Atlantis was fully operational, there was an SRB set readily available at KSC, and an ET available either at KSC or ready for shipment from Michoud. Maximally parallelizing the workflow could possibly get it under 20 days, but I don’t know enough about Shuttle processing operations to say that with confidence. However, you’d also be putting the rescue crew at the same risk experienced by Columbia, i.e. that falling foam may puncture the leading wing of Atlantis, thus dooming two crews and the loss of both Orbiters.
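
An added worked example, not part of any post in this thread: the "98 flights with no failures" figure above is reproduced by the posterior mean under a uniform Beta(1,1) prior (Laplace's rule of succession). That this is the estimate the poster had in mind is an assumption; the function names are illustrative.

```python
from fractions import Fraction


def posterior_mean(successes, failures):
    """Mean predicted reliability after the observed record.

    Assumes a uniform Beta(1,1) prior on per-flight reliability, so the
    posterior is Beta(successes+1, failures+1) with mean (s+1)/(n+2).
    """
    return Fraction(successes + 1, successes + failures + 2)


def flights_needed(target, failures=0):
    """Smallest total flight count whose posterior mean reaches `target`,
    given that `failures` of those flights were lost."""
    n = failures
    while posterior_mean(n - failures, failures) < target:
        n += 1
    return n


def lower_bound_zero_failures(n, confidence=0.95):
    """One-sided credible lower bound on reliability after n flawless flights.

    With zero failures the posterior is Beta(n+1, 1), whose CDF is r**(n+1),
    so P(reliability > r) = confidence gives r = (1-confidence)**(1/(n+1)).
    """
    return (1 - confidence) ** (1 / (n + 1))


if __name__ == "__main__":
    pct99 = Fraction(99, 100)
    three_sigma = Fraction(9973, 10000)
    print("flawless flights for a 99% mean:", flights_needed(pct99))
    print("flights for a 99% mean after one loss:", flights_needed(pct99, 1))
    print("flawless flights for a 99.73% mean:", flights_needed(three_sigma))
    # Record quoted in the thread: 2 losses in 135 launches.
    print("posterior mean for 133 successes, 2 losses:",
          float(posterior_mean(133, 2)))
    # The mean hides the spread: the 95% lower bound is well under 99%.
    print("95% lower bound after 98 flawless flights:",
          round(lower_bound_zero_failures(98), 4))
```

A single loss doubles the flight count needed to reach the same mean, and even 98 clean flights leave the 95% lower bound near 97%, which is the gap between a mean prediction and a demonstrated reliability.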


Why would they be so sure about that? Also, what does it even mean to “ride out a Saturn problem”? You don’t ride out several million pounds of propellant exploding behind you (of course, not all failure modes are as spectacular as that, but that’s pretty much what happened during Challenger).

The 15ish gees you experience in a LES aren’t fun but it’s plenty survivable, as the Soyuz T-10a crew found.

Sure. Nothing in life is safe. But you make poor decisions when your data on relative risk is wrong.

That’s irrational thinking. 106 launches of the orbiter had been done before this falling foam problem caused the damage. There are bigger risks related to rushing the processing and countdown.

So there’s a small risk of having the foam problem a second time in a row, yet there is everything to gain in terms of rewards. It would have been a PR coup for NASA to pull off a heroic rescue mission. More than likely, it would have meant more capital with Congress and more money for manned space exploration.

Also, there are things you can do to minimize the risk of losing the rescue crew. The rescue crew, since they would have been launching with no payload, could have crammed in tons of additional supplies into the cargo bay, enough for both crews and both shuttles to survive in orbit for months if necessary. They would plan a spacewalk to check the tiles on the rescue shuttle.

The “rush Atlantis to the launch pad” approach pretty much agrees with what I stated, save that the ET and SRBs processing were further along than I anticipated. The “jam a bunch of shit in the hole and hold it in place with a frozen water balloon” plan is so ludicrous I won’t even address it other than to note that the actual predicted size of the hole was considerably larger than 6" diameter.

The Progress spacecraft is lifted on a Soyuz-U from Baikonur Cosmodrome and carries about 2.5 tons of cargo. I don’t know that it would be impossible to make the orbit that Columbia was in for STS-107 from that high of an inclination, but the launch windows certainly would have been very challenging. A free spacewalk to “recover the cargo” and return it to Columbia isn’t like going down to the hardware store in your truck to pick up some lumber; it would be a major physical challenge to perform even if scripted and the Canadarm were available; without the Arm, it is essentially impossible to transfer cargo from a free-floating capsule to the Orbiter. The Orbiter uses three sealed hydrogen/oxygen fuel cell modules to provide 14 kW at 28 VDC at normal consumption. The equivalent amount of batteries required to provide sufficient power for 10 days would mass approximately 33 tonnes for NiMH or 26 tonnes for LiIon, and you couldn’t just solder them into the bus; they would require an integrated power management system in order to keep the voltage within the operating parameters necessary for avionics and control systems to function.


Actually the problem had occurred on a number of previous flights (including both the post-Challenger and post-Columbia Return To Flight missions). A thorough post-Columbia review indicated that foam impingement may have occurred on over one third of all flights, and both test and analysis indicated that the assumptions about the robustness of the RCC panels were grossly overestimated. In fact, it is pretty much luck that the panels hadn’t seen more damage previously. This is exactly what I mean about trying to argue that a vehicle is “flight proven”; just because a problem hasn’t occurred yet doesn’t mean you aren’t right on the edge of failure with unacceptably slender margins.

Uh huh, just as it occurred after the Apollo XIII recovery, right?

You can’t just “cram tons of supplies” in the Shuttle like you are packing camping supplies in the back of the truck. And for reasons already addressed, the Orbiter cannot operate for much beyond the EDO duration; about 19-20 days is the limit.


I do know. If it were possible for Russian rockets to make a lower inclination, the ISS would have been built in a lower inclination to begin with. ESA could probably have gotten something into the right orbit (they use the best launch site on the planet, in French Guiana), but they almost certainly didn’t have any rocket capable of carrying an appropriate cargo prepped (or even close enough to prepped to be able to rush it).

That is almost certainly true, but I just don’t know enough about the Soyuz-U launcher to state that authoritatively, hence the qualifier.


  1. Did they not have Supplemental oxygen on board?
  2. I thought that it was concluded that it took nearly a minute for the crew to realise something was wrong and then they wasted several tens of seconds on the wrong issue and if they had realised immediately they might have been able to shut it.
  3. Re Spacesuits, IIRC at the time Apollo did not always wear spacesuits during reentry and the shuttle stopped wearing them between STS4 and post Challenger… I take it they were not seen as necessary during reentry.

I may be wrong on this, but my initial read of the post that prompted this response (albeit with a little bit better than average knowledge of the incident) was that, while foam strikes on the tiles were pretty common (with at least one previous incident involving the cap of an SRB–I don’t have the memory offhand to recall the mission number, but it was a classified deployment of the first of what later were known as Onyx sats) it took until the fatal Columbia mission for just the right mass of foam to strike the RCC panel the way that it did, opening the hole.

Even in the later testing of the RCC panels, they hit the thing with quite a few shots of foam before that “gasp” moment of punching through it, didn’t they? Glancing blows?

Anyway, that was my read: the chances of another leading edge RCC strike of that type were pretty low.

Of course, I’m basically tilting at windmills here, because there’d be about 100,000+ other potential problems that could have doomed a rescue mission even if the RCC panels of the rescue shuttle made it to orbit.

Not to hijack, but…

Had the folks in the blue room taken advantage of the imaging offered to them by DOD while Columbia was on orbit, and had they verified the damage to the leading edge of the wing…do they tell the crew? Do we know if there’s even protocol for a situation like that?

I can’t imagine being in the crew’s situation there, but to a man, I’m not sure I’d want to know.

This gets into the issue of how we assign probability to presumably extreme events; because they occur at infrequent intervals, we naively tend to assume that probabilities are really, really low, but in fact such events can just as likely occur in near sequence as to occur at even spacing. Are the odds of a puncture about 1:100 as a cursory examination of the history would suggest, or are they really something like 1:33, and we’ve just been fortunate to have a “cluster” of not-quite-severe events? Will we see three strikes in the next handful of flights to average out the distribution? How close are we to failing every time, and is there some potential bias that might suddenly shift us over the threshold so that we go from a 1% occurrence to 10%? 106 flights sounds like a lot of data to many people, but until you can assure yourself that the data neatly fits a model and the model is actually representative of the mechanics of the phenomenon, it could be totally and badly misleading, especially for a binomial-type event where the part either breaks or it doesn’t, with no evidence of how close to broken it was.

Of course you tell the crew, if for no other reason than to allow them to address their affairs and prepare for the worst. And I suspect, ludicrous or not, some attempt would have been made to rescue or patch the damage, if for no other reason than to be satisfied as having made the effort. But realistically, there was no recovery of Challenger short of launching another shuttle to rescue them and abandon Columbia in place.


FWIW, Skylab rescue had a time period of 40 days IIRC, from decision to launch, and this was with a crew and craft prepared for such a mission and with the preparation mostly done. I wonder if it could have been done with Columbia at all.

As always, excellent answer, Stranger. I suppose it ends up being the gambler’s fallacy: the ball has dropped on red 8 times in a row–it’s BOUND to drop black.

Better, braver men and women than I–every single astronaut.

And the problem didn’t cause catastrophic damage on those flights. That’s my point - the foam problem was not a reason to scrub a rescue mission.

That’s what lying to oneself usually entails. You don’t lie to yourself for malicious reasons–it’s an ongoing pattern of little self-deceptions that add up.

Yeah. Although NASA management culture carries the immediate blame, we should still ask ourselves what led NASA into that position in the first place. The one-word answer, I suppose is “Congress”. The longer answer is that any organization which on one hand is utterly dependent on the physical laws of nature, and on the other hand totally dependent on political whims, is bound to develop internal neuroses which manifest in unpleasant ways.

Well, at least they’re fixing half the problem with SLS. IMHO, solid boosters have proven unacceptable for manned missions (unmanned too, for that matter). Certain people from Utah haven’t let them get rid of them.

True enough, though in the case of Challenger it feels like there was more going on. Maybe there were a hundred Boisjolys within NASA and their contractors, and it was simply impossible to listen to all of them. At that point you do your best and fix what seem like the most egregious problems–and sometimes get it wrong. That doesn’t seem to be the case here, though. There were serious objections raised and blown off for basically political reasons.

Yeah, that was one of Feynman’s big findings. He had to exert some pressure on the techs to get them to give him numbers, but as you say they were uniformly a few orders of magnitude off from what management thought. Supposedly there was an Ivory soap reference at some point (“99.44% success rate”).

Right. Feynman’s take was that sure, you can’t estimate reliability to that degree with so few samples–but we can be reasonably confident that if reliability were extremely high, you wouldn’t see the kind of minor issues that every Shuttle flight had. These small problems may not cause failures on their own, but they’re a sign that the system as a whole is riding close to the edge.


From a spacewalk standpoint, while it hadn’t been tried out, it is not particularly challenging or risky. Probably use the robotic arm on the rescue shuttle to maneuver a crewman up to assist with the tether transfer, possibly even use the arm as a transfer route.

My question concerned the possibility of using the reentry suits as makeshift spacewalk suits. I couldn’t see them pulling together 5 extra EMUs and supplies for 7 to carry up and transfer over to Columbia for that crew to then don. Would a staggered use of EMUs work? Would they have enough air to cycle the airlock that many times? Stranger addressed that saying the reentry suits would work, but would need to be a quick transfer because their internal resources were limited.

Essentially this has already been answered. No Russian Progress could launch from Baikonur and get to the orbit where Columbia was. That is why the ISS is in a 59 deg inclination orbit and not something more convenient for the US. We would have put it in a 23 deg inclination orbit - KSC’s inclination. But the ISS had to be where Progress could reach it.

Stranger is correct, there would be the risk of repeating the issue. You are correct, 106 launches without catastrophic damage suggests 1 rescue mission might be a reasonable risk. Practically, if aware of the problem, it would have been almost impossible to say “Nah, we’re not going to try, you guys just say your goodbyes.”

Stranger mentioned this, but I’ll elaborate. You don’t just shove stuff in the payload bay and hope it stays in place while you launch. 40 gs on launch is not something you leave up to chance. Everything launched on a Shuttle is meticulously planned on how it is stowed to keep it secure, either hardmounted or packed in foam and bags to keep it from shifting.

One other comment on Columbia, one reason it was flying the Spacehab mission it was on was because it was too heavy to get to ISS. It was not even slated to be refit with the Docking Mechanism the other shuttles received. Which is why it had room for Spacehab. Spacehab fit in the payload bay with a tunnel running to the airlock and an airlock/hatch for EVA access.

I always thought politics entered into it. Though the presidential election was two years off, two groups that were difficult for Republicans were women and teachers. So for Reagan to be able to boast of a woman teacher being in space during the State of the Union speech would have been a big plus for the 1986 midterms as well as give Bush a little push for 1988. Had the flight not featured a teacher, perhaps the pressure to launch wouldn’t have been there.

Regarding Columbia, would a Russian rescue have been feasible? Can their craft accommodate a full shuttle crew? Or would someone have the grim task of deciding which of the shuttle crew to save?