Spaceflight fatalities, could anything have been done

As an example of the problems the orbiter has, the Challenger did separate from the stack. Whilst most people think it was destroyed in an explosion of fuel and oxidiser, the reality is that when the ET fell apart, the orbiter pitched back, into the hypersonic airflow. This ripped the wings off, and the fuselage broke up due to further aerodynamic stress.

The entire stack is only just within its structural limits when flying in exactly the attitude and configuration it has. It may look pretty serene as it ascends, but in reality there are forces of almost unimaginable ferocity, and a very fine balancing act to avoid them causing disaster.

Annnnnd that raises the question of why was it designed in such a way. Did they not want to give at least some chance of escape instead of the 'fuck the crew' mentality they seemed to have?

The thought was that focusing on reusability would create an era of lower cost space flight. The Shuttle program’s vision was hatched on the heels of the moon landing when we envisioned a much broader mission which included permanent orbital stations and the like, although much of the original vision wasn’t fulfilled. I don’t think there was ever any ‘fuck the crew’ mentality here just because an abort during large portions of launch turned out to be unfeasible. Hindsight is always 20/20. The Russian Buran program looked to have improved on the configuration a bit by going with liquid boosters which could at least be throttled back or shut off in an abort situation.

The reality is, we didn’t really fly enough Apollo missions to really know for sure, but I suspect the Shuttle was a far safer craft to fly in, on balance.

Nominally, there were abort scenarios for the Orbiter, though I believe they couldn’t occur until after SRB separation because of the issues raised by Stranger. The first was termed Return To Launch Site (RTLS), whereby the Orbiter was supposed to jettison the ET, perform a 180 deg pitchover, and fly back to Kennedy to land. The pitchover would be required because by that time the Orbiter would be more back down than belly down.

The second scenario was similar but at a further downrange position before hitting orbit. NASA actually had landing sites prepped for this on every launch. Moron, Spain, was the first one across the Atlantic.

Practically, those abort options were not really feasible with the final design, due to the stresses imposed on the airframe for that kind of pitchover maneuver. But they were dutifully spelled out in the Shuttle literature I had to read as part of my job.

As far as the mentality, the expectation was an overestimation of the system reliability and an underappreciation of the real dynamics involved in the actual scenarios allowed. Basically, the Shuttle was designed to be 2 fault tolerant for all critical systems. That means it is supposed to allow two independent failures to any system and still fail safe, not cause loss of vehicle. You might lose the mission, but not the crew (e.g. abort launch and land the orbiter, equivalent to the escape system ejection).

The numbers Stranger quoted above regarding the reliability sound like what I recall hearing when I was learning about the systems 20 years ago. “The system is so much more reliable than Apollo that it doesn’t need an escape system.”

Recall that the premise behind the Shuttle was to make space travel as frequent, reliable, and reusable as commercial airlines (or nearly so). The plan was 30 day turnaround on an Orbiter and 2 or 3 launches a month. They just thought going in they would end up with a result where ejection was unnecessary. Essentially the same reason we don’t carry parachutes on commercial airlines. The likelihood of it being required is incredibly low, and the few situations where you have problems the ability to use them is again incredibly low. Spend that time, money, weight, concern, effort, etc on the whole system performance and reliability instead.

If nothing else, multiple engines on a stage would have to share a fuel supply. If you had fully-independent fuel supplies for each engine, then if one engine failed, not only would you be out that engine’s thrust, but that full fuel tank would then be parasitic weight on the rest of them.

As stunningly obtuse as that view might be today, that was exactly what was originally envisioned when the Space Transportation System (STS, colloquially “Shuttle”) was first envisioned in the early 1960s, while the Apollo and Gemini programs were still in development. The history of the development of the STS is extensively and authoritatively detailed in Dennis R. Jenkins’ Space Shuttle: The History of the National Space Transportation System The First 100 Missions, 3rd Edition so I won’t go into great detail, but the original concepts had tightly integrated liquid flyback booster and shuttle configurations, with the orbiter nestled within the belly of the booster, or a V-shaped booster, or two identical shuttles with one separating to fly back empty while the other went to orbit, et cetera. Looking back, all of this was simplistically naive given what we know today about the various problems of parallel stacks, handling massive quantities of cryogenic propellants, thermal protection systems on spaceplane-type reentry vehicles, the difficulty in balancing the required mass fraction to take useful payload to orbit with the necessity of maintaining positive structural margins on both ascent and reentry (which is why the Shuttle rolls upside-down on ascent–the aeroloading on the top side of the wings would shear them off quickly), et cetera.

In 1960 there was literally almost no experience with spaceplane-type vehicles (the X-15, which can be called a “spaceplane” only by virtue that it could be briefly lofted above the Karman line, first flew in late 1959), and even in 1972, when the STS program first officially commenced, the knowledge of and experience with the various systems on the Shuttle which would later come to plague the operators just didn’t exist. It is easy to look back now and say, “They should have done X,” or “They should have considered Y,” or “Why for the love of all that is holy did they do Z?”, but the reality is that even though the trade studies and concept development phases went from grand ambitions to more modest expectations to trying to be as conservative as possible with new technologies, the Shuttle was still a highly experimental vehicle which pushed the boundaries of experience. Some of the assumptions that went into the Shuttle were that some things that were previously very difficult–such as handling large volumes of liquid hydrogen and oxygen–would become “solved problems” by the time they actually started building hardware. In reality, while we have somewhat more knowledge of the appropriate materials and processes for handling cryogenic liquids, these still pose significant safety, logistical, and design issues for modern vehicles. The thermal protection system is another example; many original concepts planned to use some kind of active system in which a coolant was flowed through a giant manifold right beneath a robust metallic skin. This proved to be essentially impossible to operate reliably even in concept, and the delicate but effective passive insulating tiles were selected again. Despite being the more conventional solution, the tiles proved to be one of the most complex and problematic parts of the Shuttle development, delaying the first launch by almost two years.

Practically speaking, if you have a crew of more than a handful of people in a small, separable capsule, developing an effective launch abort system is impossible for the same reason that commercial airliners don’t have ejection seats; the weight, complexity, and likelihood that the system would fail are all prohibitive. There is some question about just how reliable even the relatively simple tractor rocket LAS would be on capsules; we have a sparse number of tests on Mercury and Apollo to go from, and one practical example on a Russian launch failure to go on. The Space Launch System will have exactly one pad abort and one in-flight test of the LAS before flying a crewed mission, which really demonstrates nothing about reliability other than nominal function.

Space launch vehicles are pretty much unlike any other complex system (save for weapons like missiles and bombs) in that they fly for a few minutes under extraordinarily harsh conditions which often cannot even be represented in ground testing, completely under automatic control (things happen too quickly and there are too many critical inputs for any human pilot to control), and then are expended. To add reusability into the recipe increases the challenges substantially. Also demanding several orders of magnitude improvement in reliability or the ability to successfully abort and recover across the entire range of ascent conditions is essentially an impossible problem with any conventional technology. This is why in terms of reliability of the propulsion system, simplicity and robustness trump redundancy. For other systems, such as telemetry, ordnance, avionics, et cetera which can be fully redundant (i.e. have entirely separate lines of operation all the way back to the initiating signal and power supply) redundancy adds value; for the propulsion system, it just typically adds failure points.

Stranger

Ok, so Challenger had no chance at all. But, then Columbia? According to this STS 28 suffered damage to nearly half the Orbiter shields. The commander was certain they were dead (and figured he had about a 60 second window in reentry to tell Mission Control exactly what he thought of them), yet it came down. Why did it survive and not Columbia and did the fact that the CDR here knew of the damage help?

Because, as was noted earlier, the leading edge of the wing was damaged allowing super hot gases to enter and effectively melt the wing structure.

Wow, interesting. Among other things, this speaks to the poor decision to blend military and civilian missions with STS – another way the program tried to keep costs down. The military aspect was phased out after the loss of Challenger.

And the linked article about the military mission does in fact state: “In a slightly different location, the missing tile could have resulted in a catastrophic burn through.” And no, Hoot Gibson could have done nothing more to help, as he is himself quoted in the article, all he could do was watch the gages for the excessive angle of trim signaling the autopilot attempting and failing a drag correction, which would have told him the ship was about to fall apart and be his cue to start letting Ground know unequivocally what he thought of their assessments.

Spaceflight has so far been bleeding edge of disaster all the way. That crew performed their mission like the disciplined professionals they were and were probably the most tightly clenched they ever were in their lives during that reentry.

Why was STS28 damage survivable and not the STS107 one?

Luck. Well the STS107 was catastrophic - there was no possibility at all that the orbiter would survive. It was the equivalent of a point blank 45 to the head.

STS28 didn’t have damage to the leading edge, but rather the underside of the wing. Here the airflow isn’t a hypersonic plasma slamming directly into the structure, but rather one that is streaming past. The physics of the flow are messy at best, and whether you get laminar flow past a divot, or some sort of turbulent eddy that drags plasma into the divot, is not easy to know. Luck of exactly which tile was lost. Even a simple spacer protruding between a pair of tiles is significant cause for concern, but all very hard to exactly predict. If the hole where the tile was missing does burn through, you then enter the crapshoot of what is on the other side. It may be empty space in the wing, it might be right next to a critical structural element or control components. If it is next to a big open space there may be enough time to re-enter before damage in the wing becomes serious enough to cause structural failure. On the other hand you could have a bad day, and cut through next to a stringer or hydraulic lines. As it was, the flow didn’t impinge on the skin much at all, and they were basically lucky. If it had been a different tile that was totally lost, it could have been a totally different story. STS28 was Russian Roulette with one chamber loaded.

STS107 was never survivable because the plasma was so intense, and just kept cutting through the wing, starting at the front and working back, slicing through control lines, structure, the lot. When it made its way far enough back the wing fell apart.

Adding the requirements for DoD payloads–specifically, the payload mass and envelope, and the required cross range necessary for a polar orbit and once around return which dictated the large lifting area–wasn’t done for cost reasons per se; the Air Force contributed essentially nothing to the development of the core STS system, spending their funds on upgrades for the Blue Shuttle program like the Advanced Fiber Wound Composite Motors and infrastructure specifically for Air Force launches such as the infamous boondoggle Space Launch Complex 6 (SLC-6 or “Slick Six”), but they did provide political support by (begrudgingly) saying that it had useful applications for Air Force and DoD missions, even though the Air Force had basically abandoned a manned space program in the 'Sixties because it was clear that their missions could be better achieved by uncrewed satellites and spacecraft. After the loss of Challenger and abandonment of the policy of using only the STS as the exclusive US space launcher, the Air Force went back to expendable launch vehicles (literally, resurrecting decommissioned ICBMs and restarting Delta and Atlas production lines, eventually culminating in the EELV program), but although the argument was about the reliability of the STS, the truth was that the cost and launch delays were just too excessive for defense missions.

Regarding damage to the insulation and RCC leading edge panels, it was just really blind pig luck that there wasn’t a loss of vehicle accident prior to STS-107. Aside from STS-28, damage was observed on many flights that, in retrospect, could have been catastrophic if it had just been a little bit bigger or in a different location, and the loss of impact strength on the RCC panels was not well understood until the post-Columbia investigation. Assumptions about the robustness and margins of the thermal protection system were optimistic, which is unsurprising given the difficulty of developing the system and getting the tiles correctly installed. There was actually significant damage on every single STS flight requiring refurbishment (replacement) of tiles and thermal blankets. The Shuttle serves as a cautionary tale for other spaceplane-type vehicles; improvements in the robustness of thermal protection systems and reduction of the most fragile areas (by eliminating vast forward lifting surfaces near the shock wave and long or sharp leading edges) are mandatory for that type of configuration.

Stranger

Thanks, Stranger, for expanding on my oversimplified comment. Lately whenever I check in the Dope, I say to myself, “I hope Stranger has posted recently!” Not to put any pressure on you…you’ve got a life to lead, like all of us!

Here’s another STS mission that could have been lost:

Someone may have mentioned it up-thread, but worth the read.

Ars Technica published an article today summarizing the Columbia CAIB plan which addressed a hypothetical rescue plan using Atlantis as well as the mission duration limiting factors (it claims that with measures to minimize crew exertion and power consumption, the Orbiter could remain habitable for up to 30 days). It also addresses the question (page 3) of subjecting Atlantis and its rescue crew to the same hazard during launch, and has a nifty chart showing the relative scale of tile damage and bipod ramp foam breakaway across the entire Shuttle program operational mission history.

I’m also super thrilled that on page 4, the article correctly identifies the cause of re-entry heating to be ram pressure (the compression of air forward of the leading edges which heats the air and causes it to radiate back through the boundary layer) and not “friction” as is generally and inaccurately stated. The first comment below (by “STS_Engineer” who claims to have worked on planning of the STS-400 provisional rescue mission) pretty much reiterates my doubts about the feasibility and addresses some additional concerns about the crew transfer and stationkeeping operations which would be required.

Stranger

I still say that “friction” is a general term for dissipative forces which oppose motion, making aerodynamic ram pressure a subset of friction. But I guess that’s dueling pedants.