Monthly Archives: December 2006

Engineering Bravery

On January 27, 1967, fire swept through the cabin of the Apollo 204 spacecraft (later re-designated Apollo 1) during a countdown test sequence, killing all three astronauts on board. An investigation followed, completedin April, 1967, and modifications made to the design of the Apollo Command Modulecabin and life support systems (replacing pure oxygen with a more natural mix of nitrogen and oxygen, plus other modifications). Three unmanned flights [not including Command Modules] were launched prior to the next manned mission, Apollo 7, launched October 11, 1968, 21 months after the Apollo 1 tragedy.

The next mission, Apollo 8, was originally planned to test docking of the Lunar Module and Command Module in Earth orbit; however, the Lunar Module was not going to be delivered on time. In August of 1968 it was decided that the Apollo 8 mission would be altered, rather than delayed, to circumnavigate the moon – instead of simply attaining Earth orbit. The mission plan was reworked in three months, and the launch occured on December 21, 1968 (and was an amazing success). The timing is important here – this change in mission occured before the launch of Apollo 7.

Apollo 13 launched on April 11, 1970. Two days into the flight, an oxygen tank exploded, and there followed 4 days of high suspense, resulting in the safe recovery of the crew. A review board was immediately assembled, and its report finalized in June, 1970. The launch of the next manned Apollo 14 mission occured on January 31, 1971 – only 9 months after the Apollo 13 episode.

On January 28, 1986, the Shuttle Challenger was destroyed shortly after liftoff, killing all 7 astronauts on board. The formal investigation was completed in June of 1986, and the next manned flight launched on September 29, 1988 – 32 months after the Challenger disaster.

On February 1, 2003, the Shuttle Columbia was destroyed upon re-entry, killing all 7 astronauts on board. The formal report on the accident was released in August 2003. The next manned mission launched on July 26, 2005 – 29 months after the Columbia disaster. Also in response to this accident, the retirement of the Shuttle program was announced, with a termination date preceding the expected date on which a replacement orbital vehicle will be qualified for use.

I realize these facts are very narrow in scope, and therefore are not authoritative evidence of a trend; however, I use them to illustrate what I contend is a more general change in the role of risk assessment in some fields of Engineering.In the case of NASA, it is very clear that the level of acceptable risk to human life has decreased dramatically since the start of manned missions, to the point now where the presence of any level of significant risk may result in the end of manned spaceflight for a lengthy period of time.

In the pharmaceutical industry, Government regulation directly controls the rate of progress, by demanding ever more stringent levels of safety before new products can be released for public use. In other areas of medical science, a combination of Government and insurance industry controls limit the rate of progress. Similar effects on the rate of progress can be seen in energy technology, the transportation industry, civil engineering (think of building codes), and now we see the beginning of these effects in information technology, with the rising concern over “security”.A valid concern over malicious attacks against high-value targets (the military, banking systems, personal information databases) has spawned increasing paranoia over attacks against individual, personal machines.

Thegrowth of what I call the Quality Industry is another strong trend toward risk adversion. The response to the Far East threat to American manufacturing has been a fascination with improving product “quality”, which can be interpreted as lowering the rate of defects in products. This thrust has taken several forms over the past 30 years, migrating from buzz word to buzz word. I have had the perspective of watching this trend progress at a single company for 20 years. Where we now stand, any defect – whether in the manufactured product, the process of manufacture, or the verification of tolerances – results in a formal “Corrective Action Request”. Each CAR is reviewed by the Quality department (which, of course, has a vested interest in the CAR process). Upon approval by Quality (and I’ve never heard of a CAR being rejected by Quality), each CAR requires a response, including root cause analysis, and a formal corrective action to ensure that the defect cannot occur again. These corrective actions are invariably in the form of additional cross-checking, institution of more manufacturing controls, all targeting a reduction in risk – and once established, these new rules are not to be overturned. What results (in our company in particular, but I am willing to generalize) is a gradual slowing of the manufacturing process, steadily increasing costs, and only marginal improvements in product quality.

In a separate post, I will examine the philosophical source of this trend.

Report This Post