## Know the Risks

When people say, "They knew the risks," they usually mean, "They knew they could be killed."

But knowing you might die is not the same thing as knowing the risks—it is only knowing a possible outcome. What "knowing the risks" really means (to rocket scientists) is knowing the numbers, the probability that you might die. For example, the probability that you (or I) will be killed in an automobile accident is one in eighty, a little over 1 percent. This is the average number over the course of a lifetime.

Each time you board an airliner, you take a risk of about one in a million of dying (about the same as for each car trip). Astronauts have a one in fifty chance of dying during a shuttle flight. Knowing the risk—the probability—is the first step to dealing with it.

Now you may well ask: "How can we know a number like that?" A fair question. In many cases, the number is very well known because of the large amount of data. The risk of death in an automobile accident is well established by insurance actuaries who calculate insurance premiums. They must accurately assess the risk in order to offer competitive rates, while ensuring a profit. And they do it very well. (Otherwise, the insurance companies could lose their shirts.)

It is often said that you can lie with statistics. But—it's even easier to lie without them. When statistics are used correctly, they can bring us closer to the truth.

In the case of space exploration, the probabilities are more uncertain because of the paucity of data. The statistics of 100

million drivers give insurance actuaries far greater confidence than the statistics of hundreds of space missions give rocket scientists. But rocket scientists have another trick up their sleeves: failure analysis. Failure analysis is a branch of mathematics that can be applied (in a study of the myriad components of a single rocket) to determine how often the rocket will blow up. A great deal of space mission planning depends on such probabilistic models.

The U.S. Air Force did a failure analysis of the shuttle, well before the Challenger crashed in 1986. They estimated a launch failure rate of 1.5 percent at the time that NASA touted a failure rate of 1 in 100,000. Upon hearing the NASA number, Richard Feynman commented: "That means you could fly every day for 300 years without seeing a crash." It defied common sense.

Aerospace engineers have understood and applied risk assessment for many decades. The reason that airline travel is so safe is because they really know the risk and have done something about it. For example, the landing gear in an airliner has a failure rate of about one in a thousand. However, all airliners carry at least two independent backup systems that each have the same failure rate. By the rules of probability, the chance that all three systems would fail is one in a billion. That is precisely why you rarely hear of an airliner crashing due to landing gear failure.

Rocket scientists understood the risks—knew the numbers— and made sure that the Mercury, Gemini, and Apollo astronauts had viable escape systems to save their lives in case of a launch failure. And as we have discussed earlier (but it bears repeating), these lessons were forgotten or ignored when the shuttle was built.

In interplanetary space exploration, rocket scientists knew that in order to ensure the success of their robotic missions, they should build twin spacecraft. They realized that it was not as expensive to build a second, duplicate spacecraft because most of the cost was in the design of the first spacecraft, and they understood that the chances of success were much better with two spacecraft instead of one.

This commonsense approach was applied in the Mariner missions to Venus and Mars and really paid off. Mariner 1 and Mariner

### Chapter 26 Know the Risks

2 were twin spacecraft designed to explore Venus. On December 14, 1962, Mariner 2 succeeded in confirming that the cloud-enshrouded planet had a surface temperature exceeding 800 degrees Fahrenheit, as predicted by Carl Sagan. Mariner 1, launched previously, disappeared into the Atlantic Ocean.

Mariners 3 and 4 were sent to explore Mars. Mariner 3 crashed due to a launch failure, but Mariner 4, launched in November 1964, succeeded in sending back twenty-one (and a half) pictures proving for the first time that Mars had craters like those on the moon.

Voyagers 1 and 2 were launched in 1977 to explore Jupiter and Saturn and to take advantage of a planetary alignment of two other planets, Uranus and Neptune, a rare event occurring every 175 years. This planetary alignment gave rise to the term "Grand Tour," meaning that four planets could be reconnoitered by a single spacecraft.

The nominal mission was to explore Jupiter and Saturn. If Voyager 1 failed, then Voyager 2 would serve as backup, giving up the Grand Tour in the process. On the other hand, if Voyager 1 succeeded, then Voyager 2 would be targeted toward Uranus and Neptune, taking advantage of a gravitational slingshot off of Saturn. In the case of the Voyager missions, both spacecraft were spectacularly successful, and the scientific return was far greater than that of the nominal Jupiter-Saturn mission.

Because rocket scientists were conservative about risk, they overbuilt their spacecraft—and those spacecraft sometimes exceeded all expectations. Another example was the Viking mission, which searched for life on Mars. In July 1976, Viking 1 landed on Mars and operated flawlessly. Viking 2 followed suit in August. The only failure was the failure to detect life. (But it's not the spacecraft's fault if there isn't any life there.) Both spacecraft performed all the biological experiments. They survived on Mars for years, far beyond their mission plans, and were eventually turned off due to lack of funding to continue monitoring them.

In the 1980s, these lessons of redundant robotic spacecraft were promptly forgotten and NASA built a single, extraordinarily complex spacecraft, the Galileo, to orbit Jupiter. JPL mission planners argued the benefits of building a twin, launching the first spacecraft to Jupiter, and if that mission was successful, launching the second craft to Saturn. NASA headquarters rejected this suggestion (because of the expense), and only a single spacecraft was built to orbit Jupiter. The Galileo spacecraft very nearly failed when its high-gain antenna (used to transmit high-definition pictures and to navigate the craft) failed to open. Thanks to the creative engineering pulled off by the mission designers at JPL, the mission was a success, albeit with far fewer images of Jupiter and its moons.

Recently, NASA has returned to the practice of building twin spacecraft. After two 1999 missions failed (the Climate Orbiter and the Polar Lander), NASA sent twin robotic rovers, Spirit and Opportunity, to Mars. Both rovers landed in January 2004 and were highly successful. About the same time, a Japanese spacecraft, the Nozomi, and a European probe, Beagle 2, both failed in their missions to Mars. These failures are a reminder of the high risk in space exploration and of the importance of employing redundant spacecraft to combat the risk.

0 0