Why America needs to embrace a culture of risk in order to build the next-generation space program.
- By Konstantin KakaesKonstantin Kakaes is a Schwartz fellow at the New America Foundation. He reported this piece with funding from the International Reporting Project and the Stanley Foundation. Follow him on Twitter @kkakaes.
Two rockets crashed last week: one carrying cargo to Earth orbit, the other on a test flight for a suborbital manned spacecraft. It will take some time for the causes of each accident to emerge; there is no reason to believe the accidents have anything specific, besides timing, in common.
Both are examples of what sociologist Charles Perrow famously dubbed "normal accidents": catastrophes that should properly be blamed not on the proximate cause — a loose lever or jammed valve, say — but on the inherent complexity of technologically intricate systems. As he wrote, "Risk will never be eliminated from high-risk systems." In fact, Perrow argued that singling out the particular thing that has gone wrong can be counterproductive: "Since [redundancy] is often added after problems are recognized, too frequently it creates unanticipated interactions with distant parts of the system that designers would find it hard to anticipate."
On Oct. 31, Virgin Galactic’s SpaceShipTwo crashed, killing one of the two pilots. According to the National Transportation Safety Board (NTSB), a government body that is in charge of the official crash investigation, nine seconds after SpaceShipTwo’s rocket engine ignited, the tail structure prematurely rotated, in a process known as "feathering." (You can see what the transition looks like in another flight, at about 2:30 in this video.)
By design, two levers need to be moved in order to switch the spacecraft into feathered mode, according to the NTSB. Telemetry data indicate that only one of the levers had been moved. A lot of effort will rightly be devoted in the coming weeks and months to figuring out exactly what caused SpaceShipTwo to feather when it shouldn’t have. But Perrow’s point in Normal Accidents pertains: The thing that apparently caused the accident is exactly the feature its designers were most proud of. As Virgin Galactic’s safety page read before it was taken offline after the accident:
Perhaps the most radical safety feature employed by SpaceShipOne and now SpaceShipTwo is the unique way it returns into the dense atmosphere from the vacuum of space. This part of space flight has always been considered as one of the most technically challenging and dangerous and Burt Rutan was determined to find a failsafe solution which remained true to Scaled Composite’s philosophy of safety through simplicity. His inspiration for what is known as the feathered re-entry was the humble shuttlecock, which like SpaceShipTwo relies on aerodynamic design and laws of physics to control speed and altitude…. The feather configuration is also highly stable, effectively giving the pilot a hands-free re-entry capability, something that has not been possible on spacecraft before, without resorting to computer controlled fly-by-wire systems.
SpaceShipTwo’s "most radical safety feature" appears to be the very reason it crashed. The lesson to be learned here, though, is not that feathering is a bad design; it is arguably exactly as clever as Virgin’s promotional material made it out to be. But there are no "fail-safe" solutions, and no simple spacecraft.
The first crash last week was arguably of a much simpler craft. On Oct. 28, an Antares rocket built by Orbital Sciences was deliberately destroyed after it malfunctioned seconds after takeoff from NASA’s Wallops Island facility in Virginia. I went to Wallops Island a year ago to watch the launch of a Minotaur, a smaller rocket also built by Orbital. (The Minotaur and Antares are both based in part on old American Peacekeeper missiles; Antares also has Russian-built engines in its first stage.)
But make no mistake: Nothing is simple in spaceflight. Unless you see a rocket launch in person, you miss just how improbable it is that the contraption works.
From a few miles away — as close as most observers are allowed to get — a giant explosion unfolds on the horizon, then a small cylinder rises atop a bright light. And then, seconds later, the sound hits you. The deep rumble’s abrupt arrival comes as a shock. Even for a relatively small rocket like the Minotaur, the sound is everywhere — as if the Earth has been provoked in some primal way. It is evidence of an extraordinary amount of energy being released quickly. (The energy of a space shuttle launch is about one-tenth that of the nuclear bomb that exploded over Hiroshima.) So perhaps it should not be surprising when a rocket crashes, as two have done in recent days. The truly surprising event is the one we have grown accustomed to: when a rocket doesn’t blow up, and instead rises in stable flight.
As XKCD‘s Randall Munroe ably explains, it is much harder to get to orbit than to merely get to space. (There is no distinct border between the Earth’s atmosphere and space — convention defines the edge of space at just over 60 miles above sea level.) But launching something big enough to carry people even on a suborbital hop and returning them safely to the ground is not easy either, which is why Virgin Galactic has been developing a number of novel techniques for doing so. The feathering solution that SpaceShipTwo was using is potentially so useful because re-entry is just as tricky a technical challenge as launching a rocket.
And so Virgin Galactic — and its corporate relatives The Spaceship Company and Scaled Composites — will find their cultures under scrutiny. In a Nov. 2 statement, Virgin Galactic reiterated its aspiration "to pursue the vision of accessible and democratized space — and to do it safely." But the company would be better off with a forthright acknowledgement of what it must surely know to be true. A vision of "accessible and democratized space" entails accepting, for a time, a higher degree of risk. "A complex system has an increased chance of failure," Virgin wrote on its promotional website. This is true; Virgin’s fallacy is in claiming that its system — a highly complex one, as a spacecraft must be — is simple.
Richard Branson’s company is the most prominent entrant in what it hopes will develop into a burgeoning market for space tourism. Along with SpaceX, it is the most publicly visible of a new generation of space firms that got their start with funding from wealthy individuals and are seeking to challenge the hegemony of old-line aerospace contractors like Boeing and Lockheed Martin.
Orbital, which built the Antares rocket, is the most important precursor to these firms, and its 32-year history has some lessons for them. Orbital was founded in 1982 by three Harvard Business School graduates who were frustrated, as the New York Times wrote in 1983, at "the lack of entrepreneurs willing to take risks to ‘make things happen.’"
Orbital’s Pegasus, which first flew in 1990, was the first commercial system to launch satellites into orbit from an airplane. It was also the first privately funded space-launch vehicle of any type. Orbital is currently working with Scaled Composites to build an air-launched rocket much bigger than either the Pegasus or SpaceShipTwo that could carry large payloads to orbit. But although Orbital’s other potential venture is path-breaking, Antares, the rocket that exploded last week, represents the opposite end of the spectrum of commercial rocket development from SpaceShipTwo.
Antares is a hodgepodge of old engines. The first stage, where the problem that led to the crash very likely occurred, is comprised of modified Soviet-era NK-33 engines. The NK-33 was designed for the ill-fated N-1 rocket, which was to have been the Soviet moon shot, had it not crashed every time it was launched. The second N-1 crash, on July 3, 1969, weeks before Apollo 11 landed on the moon, was one of the largest non-nuclear explosions in history: "I saw without exaggeration the end of the world, and not in a nightmare but while fully awake and standing right next to it," one Russian officer later said.
The problem with success
Failure is fetishized in some high-tech provinces of the American business community. Samuel Beckett’s "Try again. Fail Again. Fail better" has become a slogan of sorts, denuded of its original meaning. Even if dot-com types embrace the idea of failure, they mean failure to become the next Google or Facebook. Real failure, the kind that results in death and destruction — like both rocket explosions — is hard to swallow these days. Already, as the Wall Street Journal reports, the Federal Aviation Administration (FAA) may be moving toward a regulatory clampdown on Virgin Galactic and its competitors.
Such regulatory scrutiny is likely to do more harm than good. Branson has offered refunds to those would-be space tourists who have already booked flights with his company. Potential Virgin Galactic customers would be silly to take him up on the offer, even if the company’s marketing rhetoric exaggerated its safety and simplicity. If you’re not aware that the risks of spaceflight remain real, you have no business giving Virgin a $250,000 deposit.
By the dawn of the space age, there was high tolerance for failure that resulted in the loss of rockets, but didn’t kill anybody. Rockets blew up all the time in the 1950s and 1960s, but usually not ones carrying people. Three Apollo astronauts died in January 1967 when their cabin caught fire, and a cosmonaut died months later when his Soyuz parachute failed to open.
By contrast, the early days of aviation were marked by death. On Sept. 17, 1908, Orville Wright’s co-pilot Thomas Selfridge became the first person to die in an airplane crash. As Tom Crouch writes in Wings, a history of aviation, 34 aviators died between 1908 and 1910. As aviation became more popular, the death toll rose: 84 pilots died in 1911 and 143 in 1912. Failure is not inherently praiseworthy, and nor were the early days of aviation a halcyon age of innovation. The Wright brothers pursued patent litigation that crippled the nascent American aviation industry, as Crouch notes. Acceptance of the inevitability of accidents that cause loss of life is a necessary condition for progress.
And, of course, today’s engineers have all manner of diagnostic tools that simply didn’t exist hundreds of years ago. We should have fewer fatalities. But we should also show fortitude when catastrophes happen.
The question is whether failure comes in pursuit of a credible and desirable vision of progress, or for other reasons. In this regard, it’s much harder to defend Orbital’s attempts to launch relatively cheaply (and thus make a profit) using old Russian equipment than it is Virgin’s attempts to create a fundamentally new spacecraft.
The problem is that, in recent years, the failures of America’s space program have been of the worst sort. The tragedy of the Challenger, the space shuttle that crashed in 1986, was not that its right solid rocket booster exploded, but that it exploded for reasons that the engineers who built the solid rocket boosters had foreseen. It was not a failure in pursuit of new knowledge, but failure to listen to the engineers who knew the limitations of the system they had built. The same was true of the space shuttle Columbia’s disintegration upon re-entry in 2003. It failed because of "organizational barriers that prevented effective communication of critical safety information and stifled professional differences of opinion," the official investigation board found.
As James Oberg, a space analyst and former NASA engineer, wrote in 2005 of both shuttle accidents and the Apollo fire, "None of these people needed to die; their deaths taught NASA nothing that it shouldn’t already have known."
Too little is yet known about the causes of either the Antares or SpaceShipTwo crashes to come to a judgment about whether the failures are of the sort that must be accepted in the pursuit of progress, or are similarly reflective of bureaucratic pressures. An excellent Popular Mechanics feature from October explains that SpaceShipTwo’s rocket motors have been plagued with problems for years. However, at least for now, the rocket motors appear to have been blameless in the crash.
Let risk-takers take risks
I am inclined to cut Virgin Galactic some slack. Their engineers are not responsible for the company’s marketing documents. Intense scrutiny from the FAA in the space tourism market would be a restraint on the sector that has displayed the greatest capacity to innovate. The FAA subjects airlines to intense scrutiny. This is as it should be — commercial flight has become a necessity of everyday life. But no one needs to go on a suborbital flight to visit family or close a deal; it is a purely voluntary activity. The government should let risk-takers take risks.
It would be a mistake to try to regulate Virgin Galactic like an airline. A better regulatory model for the nascent space tourism industry is skydiving, which is subject to some basic restrictions meant to guard the safety of people on the ground. People who enjoy jumping out of planes are self-regulated by the United States Parachute Association, which is recognized by the FAA and works in conjunction with it. This allows for sensible regulation to be written by knowledgeable participants, cognizant of the risks they are voluntarily taking. The time for strict regulatory supervision will come only when and if Virgin Galactic succeeds in its project of "accessible and democratized space," and one day makes space travel as common as air travel was in 1926, when Congress passed the Air Commerce Act, which established the precursor to the FAA.
But this means that Virgin, also, should be honest about the risks. At the time of writing, the corporate webpage had been taken offline and replaced by terse statements directing press inquiries to a public relations firm. Ham-fisted attempts to keep embarrassing boasts like their safety page out of public view are neither effective nor helpful.
Much has changed since the Russians developed the NK-33 in the late 1960s, but the basic physics of getting to orbit hasn’t. It will continue to take the equivalent of a small nuclear explosion to get a spacecraft to orbital velocity; doing so will not become risk-free anytime soon. Even for suborbital spacecraft like SpaceShipTwo, a single, small failure can be catastrophic. Maybe one day the technology will be so refined as to make space trips routine, just as trips on very, very complicated passenger jets are today. That day, if it ever comes, is some ways away.
The vastly improved capacity for data-gathering from inside rockets means that troubleshooting today can be more detailed than in the past, and rocket flight more controlled. SpaceX’s remarkable flight in the summer of 2013, in which a rocket took off in Texas, flew sideways, and landed again on its own exhaust plume, is evidence of that progress. (The SpaceX rocket self-destructed in a later flight earlier this year; further proof that progress is tough.) The designers of the NK-33 could not have contemplated this revolutionary technology. The air-launched efforts of Virgin Galactic and Stratolaunch, a venture funded by Microsoft’s Paul Allen (in which Virgin Galactic’s partner Burt Rutan is also central), promise fundamental breakthroughs in an arena that has been ruled by incrementalism for decades.
Government and, by extension, government contractors have been reluctant to take bold risks in spacecraft design for many institutional reasons, not least among them budget constraints that for years kept the lights on at NASA but didn’t allow for progress. That has begun to change with the influx of money from space-hungry investors like Branson, Paul Allen, Elon Musk, Jeff Bezos, and others. But those investors eventually need customers to validate their ambitions.
The first customers will be those who are able and willing to accept the risk that they might die. There is nothing particularly rational about this willingness; the prudent space tourist will wait for others to take the risks first. Progress depends on the imprudent tourist, and the best way to honor Michael Alsbury, the SpaceShipTwo pilot who died on Oct. 31, is to pause long enough to learn the engineering lessons that must be learned from the crash that cost him his life, but no longer.
Using decades-old surplus Soviet engines in a 2014 rocket launch is an eminently reasonable idea. But a minimally regulated market for space tourism, with a healthy attitude toward risk, is our best hope for advances that would, one day soon, make the idea of launching a rocket with 40-year-old engines sound laughable.