When the space shuttle Challenger lifted off on January 28, 1986 from Kennedy Space Center, only 73 seconds elapsed before the rocket assembly tore apart into a fireball in full view of a stunned world. To understand this catastrophe one needs to visualise a mechanical structure that is best described by engineering drawings, experience of which is not required of readers by Diane Vaughn, associate professor of sociology at Boston College, who says "The fault lay in the rubber-like O-rings". O-rings, which are unfamiliar to many, though some taps contain them, need explaining. When that hardy Dutch lad bravely stuck his finger in the dike he would have benefited from a hard, tight, rubber ring on that finger; the tightness helps to stop leakage between the ring and the finger, while the leakage path around the ring could be jammed tight. A second ring higher on the finger could help block any water that squeezed past the first ring. Even better, each rubber ring could be embedded in a groove encircling the finger, as some wedding rings tend to be. On the Challenger, hot gases were to be kept from leaking through a cylindrical orifice by an O-ring, backed up by a secondary O-ring, each deeply seated in a groove. It is not enough to know that an O-ring is "much like the rubber ring between a Mason jar and its lid". True, a flat washer is a seal, but not suited to plugging a dike against water or a cylinder against gas.
Shortly after launch, flame escaped past an O-ring seal, to play upon the liquid-fuel tank supplying the manned orbiter. The O-rings were needed for the two rockets strapped to the fuel tank. Each contained solid fuel in fragile, segmented steel casings 116 feet high in total and 12 feet in diameter. The O-rings, nearly 38 feet in circumference and 0.28 inches thick, were employed where the segments plugged into each other. Before the launch, temperatures were around freezing, with ice on the launch pad. Since the O-ring material stiffens when cold, there was apprehension at Morton Thiokol in Utah, where the solid fuel segments were made. Late night discussions have been portrayed as pressure from Nasa engineers at Marshall Space Flight Center in Alabama, on several Thiokol vice-presidents who transmitted the pressure to their own uncomfortable engineers. After considering dissent, management voted not to recommend against launch. Evidence produced later to the presidential commission was interpreted in the press as evidence of undue pressure from Nasa and political reasons for the pressure to launch were pointed out.
Vaughn, from extensive interviews she conducted, and from hundreds of thousands of pages from the commission, concludes that the launch decision was a mistake, but not misconduct. The fault lay, she writes, with the system and its culture. She details the interaction among the several Nasa branches and the parts suppliers. Insiders will find items of interest, while outsiders will be fascinated by the complexity, even wondering how the system ever produced safe launches. Of course understanding how Boeing builds a plane, or Ford builds a car, would be just as challenging. Vaughn's story of how she uncovered the workings of this "predominantly male world typically inhabited by aerospace engineers, astronauts, military personnel, and technicians" is interesting too. She tells with disarming candour of teaching about the cause of the disaster. "I realised that I would need to consult people who understood the technical information. But I believed that with sufficient immersion in the case materials and by consulting technical experts, I could sufficiently master the technical details necessary to get at the sociological questions. It was, after all, human behaviour I wanted to explain, and I was trained to do that." Because of the personal details on the course of her investigation the book may well have educational value for sociologists interested in this predominantly male world.
Still, some technical questions (with sociological undertones) that might have been asked, have been missed. Why were the solid rockets not made in Florida in an unjointed steel shell that did not require four massive segments to be precariously mated together after delivery from Utah? This question might have been asked, because the book reports that it was safer to transport four explosive packages by rail than one bigger one. Perhaps the true answer is that the curvature of the rails does not permit such long loads; one would then like to inquire into the human behaviour that influenced the decision to segment the rockets in Utah, only to have them riskily pinned together in Florida.
Marshall Space Flight Center was the original home of US rocket expertise, started by Werner von Braun and German colleagues. What is the level of technical expertise there today? How did the O-ring seal fail? Explanations must have been available because an "improved" seal was later designed. The diagram of the failure shows the inside wall of the "clevis", the annular slit about four inches deep into which the next segment plugs, flexing inwards into the combustion space; this cannot be right. Understanding the failure could be a key to asking the right questions.
One can only agree with the author's conclusion that "the decision to launch the Challenger was a mistake", when one looks at the outcome. But it is not clear what the participants should have done to avoid the accusation of error. Large engineering works are unavoidably based on failure; pyramids, cathedrals, bridges, and dams have collapsed, large oil tankers break in two, Mississippi steamboats have blown up, nuclear submarines have sunk, and the supersonic Comet and F-111s crashed. The disasters told what to avoid; what did not fail was not further strengthened. It is customary to accept the risks of a final advanced design, until otherwise indicated - just as with innovative surgery. To answer the hypothetical question, "What mistake was made in 1996 that allowed the collapse of the Golden Gate Bridge in 1997?" one would like to know the mode of failure; that information cannot be available in 1996. Engineering dissent added drama to a happening that was tragic but nevertheless statistically precalculated. Nasa's safety record, when compared with that of organisations that develop cars, trains, ships, and planes, can only be characterised as admirable.
Ronald N. Bracewell is emeritus professor of electrical engineering, Stanford University.
The Challenger Launch Decision: Risky Technology, Culture and Deviance at Nasa
Author - Diane Vaughn
ISBN - 0 226 85175 3
Publisher - University of Chicago Press
Price - £19.95
Pages - 575