The remarkable robustness of the international space station, which has gone for two and half years without space shuttle resupply and repair, comes as no surprise to one of its former residents, Susan Helms.
Helms is a veteran NASA astronaut who made three shuttle missions in the 1990s, then helped assemble the station during a fourth mission in 2000. The fifth spaceflight, in early 2001, was her longest trip yet. She became a member of the space station's second long-term crew, spending 163 days aboard the outpost and engaging in a record-breaking nine-hour spacewalk.
“People who had a sense that ISS wouldn't really last this long probably don't see ISS the way I do,” she told MSNBC.com in an e-mail interview. Speaking as U.S. Air Force flight test engineer as well as a NASA mission specialist astronaut, she gave her perspective on the station’s design and explained how lessons from its recent challenges need to be applied to building NASA's next-generation vehicle for human spaceflight.
Helms pointed out that the space station comprises modules designed by NASA and its U.S. contractors, as well as modules designed by the Russian Space Agency and its industrial partners.
“It's essentially two space stations joined together by a hatch, and its overall redundancy by being a 'two-in-one' design has been its saving grace,” she said of the international space station. “Each space station has a significantly different design philosophy, but each one is also capable of many functions that can 'carry' the other one simultaneously.”
As a result of this design philosophy, she continued, “by having such different approaches, each space agency ultimately played to different strengths of their system designs, and in effect, created a larger 'system of systems' that can manage a wide variety of contingencies.”
Attitude control — orienting the station in a desired posture as it circles Earth — is an example of a critical function that is independently enabled by both American and Russian hardware. This function “is incredibly important to power supply and thermal control,” she said, and it “can be controlled by either the U.S. gyrodynes or the Russian propulsion system.”
“The beauty of the [American] gyrodynes is that they require no consumables,” she elaborated, “but the beauty of the Russian system is that it's incredibly reliable and built for robustness. Neither system is perfect, but managing them in a synchronized fashion has created an overall capability that is greater than the sum of the parts, in the face of the unexpected.”
How the station handled a crisis
One control crisis during her mission turned out to need exactly such robustness.
“I remember when all three computers on the U.S. segment simultaneously experienced a generic failure, due to something the designers had not foreseen,” she recalled “Luckily, the U.S. engineers had built to a 'fail-safe' design philosophy, so that all of the U.S. systems — thermal exchange, power management, and the like — controlled by the computers went into 'auto-pilot' instead of shutting down.”
The control systems were idling "off line," but had not stopped functioning.
Since the Russian half of the station had its own systems for these same services, the temporary loss of the U.S. systems was only a nuisance and not a crisis. “The Russian segment picked up the slack in managing environmental life support and attitude control, and the situation was therefore never perceived by the crew as life-threatening, even with a total U.S. computer failure,” Helms said.
Even as the Russian systems stepped in to save the day, other U.S. systems were available to help the crew recover.
“Because the U.S. segment had a more robust communications system than the Russians,” she continued, “we would have been able to talk to Houston only through Russian ground sites, but as luck would have it, [a shuttle mission] was visiting at the time this happened, and we were able to leverage the shuttle comm systems to get our daily messages and maintenance procedures for the computers.”
The communications link meant that the station's crew members didn’t need to figure out the problem on their own. “I still think that the members of the ISS [ground control] team are heroes for figuring out quickly how to get around the computer problem!” she added.
Taking a licking, but still ticking
The dual nature of the space station's design was the reason why the space station was able to take such a licking and keep on ticking.
“It was a major contingency to lose all of your U.S. ISS computers,” she admitted, “but the redundancy from the Russian segment — and its ability to be impervious to the root cause of the problem — kept the situation from becoming life-threatening, and that was the real key,” she said.
“The two attitude control systems also have differences in contingency management,” Helms added, in remarks focuing on the systems engineering behind their paired operation. “If the U.S. segment loses its brains, it needs a state vector [a precise description of its location and velocity] uplinked from the ground to recover. If the Russian segment loses its brains, it goes into a mode of looking for the sun and Earth, and rebuilding autonomously a state vector based on inertial references, in case the ground can't lock on with commanding.”
She was intrigued to examine “the difference in design philosophy on how bad you think things could get,” and she suggested it showed how different design approaches could motivate each side’s engineers to develop more robust systems in the future.
“So we've been fortunate that the Russians and Americans integrated their stations together,” she feels, with one caveat: “But not too much, because the enduring nature of the ISS really lies in its diversity.”
“I for one am glad that the ISS spacecraft is a combination of multiple design philosophies,” she concluded, “because as most engineers know, there is no one perfect design that meets the needs of all situations. Multiple design approaches in one machine can really broaden your ability to manage the unforeseen and the unpredictable.”
Lessons for future spaceships
Helms believes the space station's unexpected but gratifying robustness provides lessons that need to be applied to NASA's next spacecraft for manned voyages, the Crew Exploration Vehicle. “Unless there is another joint U.S./Russian-designed spacecraft, I hope that those who are involved with the design process for the Crew Exploration Vehicle spend a great deal of time studying the qualities of ISS that brought it through adversity,” she said.
She recommended that designers “note the nature of the hardware that failed, and note the nature of the hardware that can easily be recovered. They'll notice a theme of simplicity, designs that are inherently reliable, commonality of components, and easy subcomponent maintenance that doesn't require complex tools.”
In particular she stressed the importance of “redundant ops for critical systems like oxygen and CO2 removal.”
“There are also many lessons from ISS concerning the predictability of failure modes for major systems,” she added, for both large and small problems. “One thing we really can't afford is to be 'off the mark' on this for an exploration mission.”
She summarized what the space station's success has taught her: "It seems to me a lot of effort should go into operation concepts that drive design toward the simple yet robust approach."
More than five years of continuous occupation — with half of it managed by the two-man "skeleton crew" with minimal logistical support from Earth — provide an opportunity to develop "accountability for why predicted versus actual failures have been so diverse in the past," she said.
With these themes, Helms believes future astronauts can confidently venture far beyond low Earth orbit in spacecraft reinforced by the lessons of the international space station.
James Oberg, space analyst for NBC News, spent 22 years at the Johnson Space Center as a Mission Control operator and an orbital designer.