Shuttle Fix Aimed at Reducing Risk to Space Station

CAPECANAVERAL - NASA is taking steps to prevent a knownsafety hazard that could tear apart the International Space Station and adocked shuttle, triggering rapid depressurization of both spacecraft andkilling all aboard.

But NASAmanagers opted against a permanent fix because it would take at least threeyears. The shuttles are to be retiredin 2010.

Nonetheless,NASA safety engineers say action being taken will reduce the already remotechance that shuttle steering jets could accidentally ignite while an orbiter isparked at the outpost, generating enough force to rip the joined craft apart.

What'smore, an about-face by managers skeptical of the potential for disasterindicates safety engineers are exercising renewed clout in the wake of the 2003 Columbia accident.

"In mymind, this activity was a major success for safety. It's probably one of thetop things," said Jeffrey Williams, chairman of NASA's Shuttle SafetyReview Panel, which evaluates potential hazards and makes recommendations tomanagers.

"Youalways have Doubting Thomases, and wherever we went with this thing, we raninto Doubting Thomases," he said. "But the potential was identified.We confirmed the threat."

The riskalso was reported in a 2005 FLORIDA TODAY reviewof agency documentsobtained through the Freedom of Information Act.

The reviewshowed the safety panel, and two others in the agency, had recommended changesaimed at preventing inadvertent jet firings.

Shuttleprogram leaders interviewed by FLORIDA TODAY discounted the slim chanceof catastrophe, a probability between one in 10,000 and one in 1 million.

But safetyexperts later convinced managers that disaster could happen, and that thepotential consequences - loss of the $100 billion station, a $2 billion shuttleand their astronaut crews - called for action.

"Itwas a sales job," Williams said. "We didn't get the Cadillac, but Ithink we came pretty darn close in getting management focused on what needed tobe happening here."

Jetssteer shuttle

The problemlies within the shuttle's Reaction Control System, which consists of 38 primaryjets and six smaller thrusters in the orbiter's nose and tail.

The systemis designed to steer shuttles in space and during the dive back through Earth'satmosphere.

Twoelectronics boxes called Reaction Jet Drivers route firing commands to thethrusters from the shuttle commander's stick, the ship's computers or MissionControl.

NASAmanagers have known since the early 1980s that thrusters could fire withoutbeing commanded to do so. It has happened five times when shuttles were notdocked to other spacecraft.

NASA deemedthe risk acceptable then because the crew could recover if the shuttle wereaccidentally propelled through open space.

Theconsequences increase when two ships are linked, because the craft could ripapart and crews would have no time to react.

Can firewhen 'off'

Since 1995,when shuttles began docking at Russia's Mirspace station, astronauts have controlled the hazard by turning off shuttlejet power most of the time the spaceships are joined in orbit. NASA continuedthat practice during dockings at the international station.

New fearsarose after the Columbia accident. Safety studies showed the jets couldfire even when power to the thruster system is turned off.

In aphenomenon known as "arc tracking," a short circuit in other shuttlesystems could trigger a thruster firing if defective wiring runs through thesame bundles as electrical lines leading to Reaction Jet Drivers.

That meansthe method NASA has used for years to control the risk - turning off shuttlethrusters while docked to a station - could not guarantee prevention of theproblem.

Frayedwiring or the failure of transistors in the electronics boxes could prompt anaccidental firing.

So coulderroneous commands from shuttle computers or devices that relay commands fromthe computers to Reaction Jet Drivers.

Threatto station

Engineersalso determined an unexpected firing lasting 1.5 seconds or longer couldproduce enough force to snap off station solar wings or radiators.

Thehardware holding a docked shuttle to the station also could break.

NASAdocuments show the hazard is one of the most serious threats to the station, onpar with the collision of a visiting spacecraft, a deadly orbital debris strikeor a medical emergency.

"Hereyou have a potential single-point failure that could take out both the stationand the shuttle. So it no doubt is going to be their No. 1 risk," Williamssaid.

NASA tooksteps aimed at limiting the risk prior to launching Discovery last July on its first post-Columbia mission.

Engineersdeveloped a shuttle computer software patch designed to automatically detectand shut down unintended thruster firings within 1.3 seconds, or before stresson the structures would increase enough to cause catastrophic damage.

Power-producingsolar arrays were repositioned to reduce structural loads and prevent possibledamage.

Changesmade

Thosemeasures will be taken on future shuttle flights, too. But safety expertsconvinced once-reluctant managers to carry out other recommended changes thatwere resisted prior to Discovery's launch last summer.

Chief amongthem: intensified inspections of miles of wiring in bundles containingelectrical lines linked to Reaction Jet Drivers.

Specialmeasures are being taken to protect the wiring from chafing so insulationdoesn't wear away and expose conductors that could short circuit.

NASA tookapart and examined a Reaction Jet Driver and determined that the electronicsboxes are not susceptible to age-related failures, Williams said.

Safetyexperts also recommended, and managers approved, new procedures during flight.

• Ground controllers will scour telemetry data for signs of potential electrical shorts before shuttles dock with or depart from the station.
  
  
• Crews will power some orbiter systems prior to docking, trying to uncover any lurking electrical shorts before a shuttle arrives at station.
  
  
• The amount of time Reaction Jet Drivers are electrically powered before a docking or undocking will be cut from one hour to 20 minutes.
  
  
• "Keep-out zones" will be established for astronauts conducting spacewalks near shuttle nose and tail thrusters.

• A shuttle will not use its 38 larger primary jet thrusters when docked to the station unless the outpost must be hauled to a higher orbit and the orbiter's six, smaller thrusters are out of commission.

Futuredanger

As a group,the measures are expected to keep shuttle and station crews safe during theagency's second post-Columbia test flight, scheduled to launch July 1.

Onceoutpost assembly resumes and the station grows larger, renewed dangers willarise.

The largerthe station, the less force it will take to break apart the outpost and adocked orbiter if shuttle jets fire inadvertently.

NASA aimsto continue extensive inspections and modifications to Reaction Jet Driverwiring as well as cables sharing the same bundles.

A permanentfix -- redesigning the Reaction Jet Driver -- would cost an estimated $36million and take at least three years to complete.

NASA'sshuttle fleet remains scheduled for retirement no later than Sept. 30, 2010.

Publishedunder license from FLORIDATODAY. Copyright ? 2006 FLORIDA TODAY. No portion of this material may bereproduced in any way without the written consent of FLORIDA TODAY.