The Destruction of the spaceship Challenger
On January 28, 1986, the U.S. space shuttle Challenger lifted off from its launching pad at Cape Canaveral, carrying several astronauts and a schoolteacher. Seventy-two seconds after launch, the spaceship exploded into flames. An investigation of the spaceship failure showed that the resiliency of the O-rings that sealed joints in the solid rocket booster were reduced due to cold temperatures on the morning of the launch. Neither the primary nor secondary O-rings made sealing contacts, permitting hot exhaust gases to escape and penetrate the adjoining fuel tank filled with liquid hydrogen and oxygen which caused the explosion.
Morton Thiokol, the booster manufacturer, was not suprised by this. Nearly a year earlier, engineer Roger Boisjoly had completed bench tests showing that O-ring sealing properties were lost for several minutes when subjected to temperatures below 50 degrees Fahrenheit. However, under pressure from Congress to keep costs down and an aggressive launch schedule intact, neither Thiokol managements nor NASA officials showed any interest in redesigning the joint. Because of the 18-degree temperature on the night preceding the launch, Boisjoly and other Thiokol engineers recommended strongly that the launch of January 28 be aborted. However, this recommendation was overruled by Thiokol management and NASA.
This case clearly illustrates some serious lapses in judgment on both NASA and Thiokol. The seals have since been redesigned reducing the risk of another catastrophe. Nevertheless, current estimates of the chance that a given shuttle launch will fail catastrophically from some cause lie at 1 in 248. Given the large number of shuttle launches anticipated for scientific purposes and for construction of the new space station Freedom, the cumulative probability of disaster becomes significant. Furthermore, some observers point out that the obsession to reduce blame on engineers at NASA has led to endless reports and studies that actually end up increasing the risk of failure.
- How safe should the shuttle be before it is allowed to fly?
- What kind of management system might avoid both carelessness on the manufacturer's part and a lack of action by NASA?
