In 1999 McDonald headed a panel to scrutinize shuttle operations after two close calls on the STS-93 mission grounded the shuttle fleet. At takeoff, a pin broke loose and ruptured cooling tubes in one of the three main engines, affecting its performance. Separately, during the same launch, two of the engine controllers unexpectedly shut down. (The commander of the mission was Eileen Collins.) McDonald's panel identified problems with the shuttle program very similar to the ones described by the CAIB more than three years later. He is still "dreadfully disappointed" that more of his panel's advice wasn't followed. More important than a rescue shuttle, he believes, is that the program be constantly subjected to neutral outside review. "Many times [the] people who are candidates for external reviewers may be retired or former employees that share many of the views," says McDonald. "They have the expertise but they don't have the critical view of the vehicle that is necessary to introduce what some people have called 'fresh eyes.'
"Some of the reviews are led by former astronauts," he adds. "I happen to have a great deal of admiration for astronauts. I think they're terrific people and extremely brave. But their acceptance of risk levels is way beyond mine." In what was probably its toughest recommendation, the CAIB called for NASA to do a thorough recertification of the shuttle "at the material, component, subsystem, and system levels" if it planned to keep operating the vehicle beyond 2010. Early last year, the Bush administration decided to retire it instead. When the space station is complete, in another 28 missions, that will be the end of the space shuttle.
Although NASA would like to reach that milestone as soon as possible, in part to free money for Bush's new moon-Mars exploration program, there's nothing sacred about 2010, says shuttle program manager Bill Parsons. "The guidance I received is to look at this as a 28-flight profile," he says. "Don't get caught up in 2010. It's not the driving factor by any means." Parsons is well aware that the CAIB criticized NASA management for allowing schedule pressure rather than safety to guide decision-making in the months before the Columbia accident. That won't happen again, he vows.
Because NASA plans to phase out the shuttle, last December it canceled several upgrades including an "advanced health management system" for the main engines. This suite of sensors and computers would have monitored the engines so that if something started to go wrong, the onboard computers would react instantly. Testifying before a Senate subcommittee in September 2001, NASA head of space operations Bill Readdy said the proposed update would reduce the risk of catastrophic engine failure by up to 40 percent. But leaving real-time decisions about engine throttling to an automated system entails its own risk, says Parsons. Much more testing would have to be done, and given the shuttle's limited life expectancy, he says the money would be better spent on additional ground tests to improve engineers' understanding of the engines.
When I asked Eileen Collins if she spent time worrying about main engine failures, she said that "worrying" is not the word she would use. "I spend time training for failures," she said, "because we have to be ready for that."
Approximately two weeks before the launch of Discovery, NASA's senior managers will hold a Flight Readiness Review, a final meeting to consider any questions left over from the hundreds of program reviews leading up to launch. The managers will have guidance from Covey's Return to Flight Task Group, which will already have reported its findings. And at some point they will agree that everything possible has been done to mitigate the dangers of launching a vehicle into space.
But what if it hasn't?
There are seven astronauts-and thousands of people working every day to ensure their safety-who will still be willing to take the risk.
Originally published in Air & Space/Smithsonian, April/May 2005 . All rights reserved.