Lack of an adequate integrity-assurance philosophy
The second primary factor was that the development of the Space Shuttle system was undertaken at a time when the engineering ability to predict the safety of reusable flight systems was undergoing a significant revolution. This effort was being undertaken in the aviation industry and primarily with U.S. military aircraft. The military’s need for increased performance—speed, range, and bomb load—led to the need for increased structural and material performance in the airframes and engines. This required the use of new alloys that, it was later determined, had an increased propensity to crack and fail under repetitive load cycles—every time a fuselage would be pressurized and depressurized, for example. When this issue emerged in the operational military aircraft in the late 1950s, a major program to improve the “structural integrity” of new aircraft was undertaken. By the mid-1970s, this became institutionalized within the U.S. Air Force under the Aircraft Structural Integrity Program (ASIP) and a comparable Engine Structural Integrity Program (ENSIP). New “damage tolerance and durability” design criteria, computer-based structural analysis tools, new material alloys and manufacturing methods, new load-cycling ground certification structural testing, and periodic re-certification of each flight system’s structural integrity were implemented.
A primary benefit of this new ASIP/ENSIP program was that it created a beneficial “mindshift” in the thinking within the aircraft structural design community. For example, determining how an airframe or engine could fail due to cyclic loads or corrosion, determining what the mission or flight safety consequence of the failure would be, and, then, either by design changes or implementing specific periodic inspection methods, the potential for failure is mitigated. At all times, increasing the safety, improving the “flight readiness rate”, and decreasing the “cost of ownership” of a military aircraft fleet was the priority. Older military flight systems that were cost-prohibitive to upgrade to meet the new ASIP/ENSIP standards were mothballed and new designs were brought into operation. As these new standards matured, the American aviation industry transitioned this new “industrial mastery” in structural safety thinking to the commercial aviation industry, consequently helping to ensure continued American leadership in this important industry.
The design and operation of the partially-reusable Space Shuttle system was not undertaken with a comparable ASIP/ENSIP integrity philosophy. The failure of the O-rings in the SRB that led to the loss of the Challenger in 1986 was a known failure that was not eliminated by redesign or adequately controlled by inspection and operational constraints. There was no effective professional engineering integrity philosophy against which to “test” a problem and the proposed solution for adequacy. Seventeen years later, the shedding of foam insulation from the External Tank, which led to structural damage of the Columbia’s flight-critical thermal protection system and loss of the Columbia, was a known failure that was not eliminated by redesign. Again, there was no effective integrity philosophy against which design/manufacturing changes to the foam insulation could be adequately evaluated.