At first glance, NASA's decision to possibly launch even if a sensor glitch reappears suggests that the space agency was wrong two weeks ago to postpone the launch. However, the two decisions actually are very different, and indicate how much NASA's safety culture has improved.
Had NASA decided two weeks ago to ignore the glitch, it would have been a decision based on instinct alone. Had that instinct proved right (that is, nobody dies), it would have begun the process of betraying the hard lessons of Challenger and Columbia. The odds are that the hardware flaws would not have had disastrous consequences — but the decision to fly anyway, in the face of them, could well have.
The decision to launch this time, in the event of a sensor "hiccup" of a very specific type, will be made in the full sunlight of massive amounts of investigation, analysis, and cold-blooded calculations of safety principles. It may or may not have happy consequences (anything can happen, especially in space), but it will be fully consistent with the best practices of hazardous operations. These standards have in the past led to safe space flights, and past occurrences of forgetting such principles have been at the root of NASA’s worst space disasters.
Plugging the "culture hole"
Columbia and its crew were lost not so much as a result of a hole in the heat shield, as from a hole in NASA's safety culture. The hazards of impacts on the shuttle’s underbelly from debris off the fuel tank were "instinctively" understood, space officials thought, but a full range of verification testing had never been performed. The result of the particularly large impact when Columbia was launched was not thoroughly investigated — it was deemed too much trouble to get better pictures of the impact area, much less ask the astronauts to take a spacewalk to look closely — and so self-imposed team-wide ignorance became a shroud to hide behind in avoiding inconvenient worries.
The same mindset, an assumption of instinctive "all right" when testing and experience didn’t validate such views, also destroyed Challenger. Would the booster seals hold at the unusually low temperatures? Nobody had shown they would, but managers under pressure from an unrealistic launch schedule turned engineering judgment on its ear by demanding skeptics prove that the seals would not hold.
The same mindset exposed American astronauts aboard the Russian Mir space station to a sequence of near-death experiences, from fires to collisions to end-over-end out-of-control tumbling, as NASA officials kept telling themselves that “there is no current evidence that Mir is unsafe,” without ever asking how they would be given such evidence if the Russians didn’t want them to see it.
But the day-and-night difference in safety decision-making is now being illustrated by the challenge of getting Discovery, and the entire space shuttle program, back into space. If troubles return with the persnickety sensor, NASA officials have developed well-defined and well-thought-out options for deciding which of the problems will not threaten flight safety, and which might.
Documents provided to MSNBC.com detail the reasoning and the technical background of the decision made July 20 after “healthy debate” at the Mission Management Team meeting at Cape Canaveral. The meeting was opened with a wry remark that it was the thirty-sixth anniversary of the first moon landing, and NASA was still struggling to get back into low Earth orbit.
Experts agreed that the leading theory of the glitches — spurious signals leaking into the box through bad electrical "grounds" — could not be categorically proven, and there wasn’t even uniform agreement. Cleaning up the ground was deemed “mandatory” to fly.
An hour was spent considering the differences between the likelihood of multiple failures caused by a generic design flaw versus failures caused by a single common cause (such as power loss). This in-depth discussion laid the groundwork for estimating the odds of a second sensor problem, based on the possibility of a single problem occurring.
All the hazards associated with additional testing were balanced against what might be found out (“Don’t worry about what the press may say,” an official advised), and a consensus emerged that proceeding directly to a launch attempt was safest. A detailed plan on what to do in case of new failures was then drawn up.
In the final hours of the countdown, that plan will be put into operation. These internal documents show it to be a mature, well-founded strategy, not a "by-guess-and-by-golly" mindset with "full-steam-ahead" attitudes.
It’s the only way to fly this mission, and to fly a rescue mission if this crew does wind up stranded on the space station, and to fly the remaining space shuttle missions as the aging vehicles show more and more quirkiness of old age. It’s the only way to fly if there’s any hope of avoiding the judgment flaws that have already killed far too many astronauts.
James Oberg, space analyst for NBC News, spent 22 years at the Johnson Space Center as a Mission Control operator and an orbital designer.