15 Space Shuttle Probabilistic Risk Assessment Overview (PSAM-0230)
Published: 2006
The Space Shuttle is the most capable, versatile, and reliable space-faring vehicle in the world today. As a major transportation link between Earth and Low Earth Orbit (LEO), the Shuttle has kept the United States on the cutting edge of space exploration and scientific discovery for the last two decades. It is the launch vehicle for all U.S. and many international components of the International Space Station (ISS). Loss of a Shuttle during flight has severe consequences including loss of a significant national asset, loss of national confidence and pride, and, most importantly, loss of human life.
Although the Shuttle is very reliable, space travel is inherently risky. To understand the risks associated with space flight, the National Aeronautics and Space Administration (NASA) historically performed highly detailed and comprehensive qualitative risk assessments through the Critical Items List (CIL) and Hazards programs. While these qualitative programs were useful and informative, they did little, if anything, to segregate and prioritize risks. Given the inherently risky nature of the Space Shuttle Program (SSP) and the large number of potential hazards, the ability to quantify the risk due to each hazard is also desirable.
In March 2001, the SSP made the decision to develop a Shuttle Probabilistic Risk Assessment (SPRA) to help quantify and rank risks associated with the Shuttle. The purpose of this Probabilistic Risk Assessment (PRA) is to provide a useful risk management tool for the SSP to identify strengths and possible weaknesses in the Shuttle design and operation. The primary end state for this assessment is Loss of Crew and Vehicle (LOCV) and is limited to mission/flight time only. Therefore, accident scenarios initiated and realized prior to launch are not included in the SPRA. However, scenarios initiated prior to launch, but realized during flight are included.
The SPRA uses a multi-phase, top-down approach to identify and analyze potential risk contributors. Most ground-based facility PRAs only include events from steady-state operation, with redundancy and several possible mitigation paths before the undesired end state is reached; those PRAs therefore require specialized event trees to establish the failure event sequences. The SPRA takes a different approach by using a single event tree entry point: launch. Assuming launch as the single event tree entry point is reasonable because Shuttle event sequences are relatively short and do not generally have complicated mitigation paths, so the event sequences can be captured within the fault trees themselves.
The SPRA includes three phases of operation: ascent, orbit, and descent. Each phase represents a different mode of operation. Ascent essentially begins at T-0 (i.e., launch) and concludes with orbit insertion. The orbit phase is then assumed to continue for nine days up to reentry. The descent phase covers reentry, approach, landing, and rollout to wheel stop. In effect, the Shuttle begins as a rocket launched into space, converts into a spacecraft orbiting the Earth, then reenters Earth's atmosphere, glides to the runway, and lands. Most of the Orbiter systems operate continuously during the assumed nine-day mission, and some systems are on standby, either as backups or until needed for their role in the mission.
This paper discusses the scope of the SPRA and the overall methodology, shows results, and provides risk insights for this assessment. The calculated risk shows that a majority of the risk is initiated during ascent, but is realized during entry. For example, a critical hit by debris during ascent on the thermal protection surfaces does not cause LOCV until reentry. The scope, assumptions, uncertainties, and limitations of this assessment help put its results in perspective for management's decision-making process.
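The modeling choices described above (a single event-tree entry point at launch, redundancy folded into fault trees rather than event-tree branches, three mission phases, and the distinction between where a failure is initiated and where it is realized) can be shown on a toy quantification. The following is an added example, not the SPRA model or any code from the paper; every event name and probability in it is constructed purely for illustration, and the cut-set and phase-attribution logic is a textbook fault-tree treatment, not NASA's.

```python
"""Toy fault-tree quantification with a single entry point (launch) and
per-phase bookkeeping of where a failure is initiated versus realized.
All event names and probabilities are CONSTRUCTED for illustration."""
from dataclasses import dataclass
from itertools import product

PHASES = ("ascent", "orbit", "descent")


@dataclass(frozen=True)
class BasicEvent:
    name: str
    prob: float        # per-mission probability (constructed)
    initiated: str     # phase in which the failure originates
    realized: str      # phase in which it would produce LOCV


@dataclass(frozen=True)
class Gate:
    kind: str          # "AND" or "OR"
    inputs: tuple      # BasicEvent or Gate children


def basic_events(node):
    """All distinct basic events under a node, in a stable order."""
    if isinstance(node, BasicEvent):
        return [node]
    out = []
    for child in node.inputs:
        out.extend(ev for ev in basic_events(child) if ev not in out)
    return out


def minimal_cut_sets(node):
    """Minimal cut sets of the tree as a set of frozensets of BasicEvent."""
    if isinstance(node, BasicEvent):
        return {frozenset([node])}
    child_sets = [minimal_cut_sets(c) for c in node.inputs]
    if node.kind == "OR":
        sets = set().union(*child_sets)
    elif node.kind == "AND":
        sets = {frozenset().union(*combo) for combo in product(*child_sets)}
    else:
        raise ValueError(f"unknown gate kind {node.kind!r}")
    # Drop any cut set that strictly contains another; the rest are minimal.
    return {s for s in sets if not any(other < s for other in sets)}


def cut_set_prob(cs):
    p = 1.0
    for ev in cs:
        p *= ev.prob
    return p


def rare_event_top(node):
    """Rare-event approximation: sum of minimal cut set probabilities."""
    return sum(cut_set_prob(cs) for cs in minimal_cut_sets(node))


def evaluate(node, state):
    if isinstance(node, BasicEvent):
        return state[node.name]
    results = (evaluate(c, state) for c in node.inputs)
    return all(results) if node.kind == "AND" else any(results)


def exact_top(node):
    """Exact top-event probability by enumerating every combination of basic
    events; fine for a toy tree, while real PRAs use BDDs or sampling."""
    events = basic_events(node)
    total = 0.0
    for states in product((False, True), repeat=len(events)):
        if evaluate(node, {ev.name: s for ev, s in zip(events, states)}):
            p = 1.0
            for ev, occurred in zip(events, states):
                p *= ev.prob if occurred else 1.0 - ev.prob
            total += p
    return total


def risk_by_phase(node):
    """Attribute each cut set's (rare-event) probability to the phase where it
    is initiated (earliest initiation among its events) and the phase where it
    is realized (latest realization among its events)."""
    initiated = dict.fromkeys(PHASES, 0.0)
    realized = dict.fromkeys(PHASES, 0.0)
    for cs in minimal_cut_sets(node):
        p = cut_set_prob(cs)
        initiated[min((ev.initiated for ev in cs), key=PHASES.index)] += p
        realized[max((ev.realized for ev in cs), key=PHASES.index)] += p
    return initiated, realized


# Constructed toy tree: one OR gate fed from launch; the triple-redundant
# units sit under an AND gate inside the fault tree, not in event-tree branches.
LOCV = Gate("OR", (
    BasicEvent("main_engine_catastrophic", 5e-4, "ascent", "ascent"),
    BasicEvent("critical_tps_debris_hit", 4e-3, "ascent", "descent"),
    BasicEvent("orbit_debris_penetration", 3e-4, "orbit", "orbit"),
    Gate("AND", tuple(BasicEvent(f"apu_{i}_fails", 0.05, "descent", "descent")
                      for i in (1, 2, 3))),
))

if __name__ == "__main__":
    print(f"rare-event P(LOCV) = {rare_event_top(LOCV):.6f}")
    print(f"exact      P(LOCV) = {exact_top(LOCV):.6f}")
    init, real = risk_by_phase(LOCV)
    for ph in PHASES:
        print(f"{ph:8s} initiated {init[ph]:.6f}  realized {real[ph]:.6f}")
```

With these constructed numbers the tree has four minimal cut sets, the rare-event sum slightly overstates the exact probability (as it always does for an OR of independent contributors), and the phase tables show the pattern the paper describes: most of the toy risk is initiated during ascent but realized during descent, because the debris-hit event carries its probability from one phase to the other.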