CASE STUDY 5.

NASA CHALLENGER DISASTER

EXECUTIVE SUMMARY
The challenger disaster occurs the 28 of January of 1986 when the NASA space shuttle Challenger explode after 73
seconds of fly, leading to the dead of their 7 crew members and becoming one of the worst space disaster ever happened in
US history, the chain of events starts the 22 of January when due to a technical delays in a previous mission, bad weather in
the Transoceanic Abort Landing (TAL) and technical issue in the ship NASA was force to reschedule the launch date from 22
to 28 of January, that was a particular cold day with temperatures close to 1 C (30 F) that decrease the elastic property of
one critical component the O-ring making it to lose their seal properties, leaking high volatile fuel outside the storage
which combined with the external forces at that altitude unleash an explosion that destroyed the fuel tank and the space
shuttle.
The final conclusion appointed by the Rogers Commission is that the explosion was caused by a failure in the O-ring sealing
of the right solid rocket booster due to a poor design and an untested operation under low temperatures, the same kind of
O-ring was used several times before and previously the engineers team found an issue with the O-ring design, but any
concerns about it was discarded considering that if the main O-ring fail, the secondary backup will do the job properly.
This is one of the first sings of poor safety culture inside NASA where an element classified as Critical 1 (element with poor
or none redundancies) with a previous unexpected behaviour continue in use as standard without any further investigation
or improved design.
Thiokol the fabricators company of the rocket initially advice that the lunch must be suspended because their engineers
have seriously concern about the O-ring capacity under lower temperature condition, but that statement later was
retracted and conclude they doesnt have enough evidence to conclude, but this action wasnt do it for it engineering team,
in fact the team engineer refuse to support and sign that decision, this was a mere administrative decision when NASA
manager considering an unreality perspective and giving priority their public relationship over any other aspect push
Thiokol manager to change their advices using their power as client and possible suggesting that they could to lose their
fabrication contract.
Despite the fact that the main reason of the disaster was technical issue of a critical component, there were several human
mistakes that lead to the final result of the challenger disaster. First, the use of a critical element with poor design, second
the omission of evidence found of a poor behaviour under extreme conditions, third, the lack of effective communication
between Thiokol engineer team and NASA to transmit their concerns about the launch under extremely lower temperature
and finally, the pressure exerted for NASA management to obtain an approval of Thiokol team to launch that day, all this
give human mistakes combined with a technical issue ended in a disaster of great proportions. NASA actions before and
after the disaster was irresponsible and negligent, their push Thiokol to accept and supported their decision of launch under
the low temperature even when Thiokols engineers team express their concerns about that conditions, their NASA put
their own interest over their crew safety, their managers also hide or discard crucial and they also want to transfer the
responsibility of the launch in a third party company, that even their were the fabricators of the rocket and the end NASA
reasonability is protect the investment and the lives of the people under their charge.
NASA institutional culture also impact the decision of the launch nonetheless rather to follow the protocol and the common
sense, they prefer to use something that wasnt tasted under extreme conditions and believe that everything will be fine
just because there is not contrary evidence of it, when they shouldnt do the opposite, that same culture affected later
investigation when their tried to handle all information related to the case with secretiveness and the obduracy to accept
their responsibilities a clear example was their manager attitude Lawrence Mulloy to maintain the position that based on
the data they have no other decision could have been made.
At the end Challenger disaster could be prevented as many other disasters in the world if the people involved do a properly
risk management analysis, identify the threats ant take the properly actions about it, that is why challenger must be
classified as disaster and no an accident, because there were many opportunities to prevent it but nobody do enough.

MODEL RISK MANAGEMENT NASA CHALLANGER DISASSTER

Identification and assessment of threats

1. Bad weather condition for launch
2. Techinical issue with any component

Prioritize risk reduction measures

Assessment of vulnerabilities of assets to specific threats

1. Launching reschedule

1. Fuel tank very vulnerable (high volatile fuel)

2. Testing components under extreme conditions

2 Shuttle in vulnearable postion (doesnt have any

emergency "escape")

3. Redesign critical componentes

3. Crew memeber rely their lives in NASA engineering

Identification of measures to reduce risks

1. Launch on higher temperature.
2. Test all components for future use under diffrenet
conditions
3. Improve comminication between NASA and
enginnering teams.

Determination of consequences and probability of

meeting threats and vulnerabilities
1. Launch techinacl failures
3. Bad wheater condition

MODEL EVALUATION
NASA risk management model for the launch of challenger was a completely failure, first they make a properly identification
of the threats:

Bad weather conditions

Possible technical failure of a component under normal operation.

But they fail to assets the vulnerability of the solid rocket booster under operation outside the tested parameter in previous
launches, and fail to determine the possible consequences of a (O-ring failure).
The dont really have any backup measure to protect the life of their crew, the shuttle doesnt count with any kind of ejection
method parachutes, etc., this equipment was presented just in the first launches of the shuttle program but after that was
removed considering unnecessary, expensive and heavy.
NASA also fail to identify possible measures to reduce the risk the particular risk of the O-ring, refusing to postpone their
launch date to one with a better weather condition, they also fail to have an effective communication with Thiokol engineers
and fail to make pressure into Thiokol team to accept and support a decision without a technical fundament.
At the end this model should be the best model to use for this particular case and if it was done properly the identifiable risks
are so obvious that in order to preserve the integrity of the ship and the lives of their crew, postpone the launch would be
the natural action to take.