The Importance of HRA in Human Space Flight: Understanding the Risks

Human performance is critical to crew safety during space missions. Humans interact with hardware and software during ground processing, normal flight, and in response to events. Human interactions with hardware and software can cause Loss of Crew and/or Vehicle (LOCV) through improper actions, or may prevent LOCV through recovery and control actions. Humans have the ability to deal with complex situations and system interactions beyond the capability of machines. Human Reliability Analysis (HRA) is a method used to qualitatively and quantitatively assess the occurrence of human failures that affect availability and reliability of complex systems. Modeling human actions with their corresponding failure probabilities in a Probabilistic Risk Assessment (PRA) provides a more complete picture of system risks and risk contributions. A high-quality HRA can provide valuable information on potential areas for improvement, including training, procedures, human interfaces design, and the need for automation. Modeling human error has always been a challenge in part because performance data is not always readily available. For spaceflight, the challenge is amplified not only because of the small number of participants and limited amount of performance data available, but also due to the lack of definition of the unique factors influencing human performance in space. These factors, called performance shaping factors in HRA terminology, are used in HRA techniques to modify basic human error probabilities in order to capture the context of an analyzed task. Many of the human error modeling techniques were developed within the context of nuclear power plants and therefore the methodologies do not address spaceflight factors such as the effects of microgravity and longer duration missions. This presentation will describe the types of human error risks which have shown up as risk drivers in the Shuttle PRA which may be applicable to commercial space flight. As with other large PRAs of complex machines, human error in the Shuttle PRA proved to be an important contributor (~12 percent) to LOCV. An existing HRA technique was adapted for use in the Shuttle PRA, but additional guidance and improvements are needed to make the HRA task in space-related PRAs easier and more accurate. Therefore, this presentation will also outline plans for expanding current HRA methodology to more explicitly cover spaceflight performance shaping factors

The Importance of Human Reliability Analysis in Human Space Flight: Understanding the Risks

HRA is a method used to describe, qualitatively and quantitatively, the occurrence of human failures in the operation of complex systems that affect availability and reliability. Modeling human actions with their corresponding failure in a PRA (Probabilistic Risk Assessment) provides a more complete picture of the risk and risk contributions. A high quality HRA can provide valuable information on potential areas for improvement, including training, procedural, equipment design and need for automation

Shuttle Risk Progression: Use of the Shuttle Probabilistic Risk Assessment (PRA) to Show Reliability Growth

It is important to the Space Shuttle Program (SSP), as well as future manned spaceflight programs, to understand the early mission risk and progression of risk as the program gains insights into the integrated vehicle through flight. The risk progression is important to the SSP as part of the documentation of lessons learned. The risk progression is important to future programs to understand reliability growth and the first flight risk. This analysis uses the knowledge gained from 30 years of operational flights and the current Shuttle PRA to calculate the risk of Loss of Crew and Vehicle (LOCV) at significant milestones beginning with the first flight. Key flights were evaluated based upon historical events and significant re-designs. The results indicated that the Shuttle risk tends to follow a step function as opposed to following a traditional reliability growth pattern where risk exponentially improves with each flight. In addition, it shows that risk can increase due to trading safety margin for increased performance or due to external events. Due to the risk drivers not being addressed, the risk did not improve appreciably during the first 25 flights. It was only after significant events occurred such as Challenger and Columbia, where the risk drivers were apparent, that risk was significantly improved. In addition, this paper will show that the SSP has reduced the risk of LOCV by almost an order of magnitude. It is easy to look back afte r 30 years and point to risks that are now obvious, however; the key is to use this knowledge to benefit other programs which are in their infancy stages. One lesson learned from the SSP is understanding risk drivers are essential in order to considerably reduce risk. This will enable the new program to focus time and resources on identifying and reducing the significant risks. A comprehensive PRA, similar to that of the Shuttle PRA, is an effective tool quantifying risk drivers if support from all of the stakeholders is given

Use of Probabilistic Risk Assessment in Shuttle Decision Making Process

This slide presentation reviews the use of Probabilistic Risk Assessment (PRA) to assist in the decision making for the shuttle design and operation. Probabilistic Risk Assessment (PRA) is a comprehensive, structured, and disciplined approach to identifying and analyzing risk in complex systems and/or processes that seeks answers to three basic questions: (i.e., what can go wrong? what is the likelihood of these occurring? and what are the consequences that could result if these occur?) The purpose of the Shuttle PRA (SPRA) is to provide a useful risk management tool for the Space Shuttle Program (SSP) to identify strengths and possible weaknesses in the Shuttle design and operation. SPRA was initially developed to support upgrade decisions, but has evolved into a tool that supports Flight Readiness Reviews (FRR) and near real-time flight decisions. Examples of the use of PRA for the shuttle are reviewed

Hubble Space Telescope Crew Rescue Analysis

In the aftermath of the 2003 Columbia accident, NASA removed the Hubble Space Telescope (HST) Servicing Mission 4 (SM4) from the Space Shuttle manifest. Reasons cited included concerns that the risk of flying the mission would be too high. The HST SM4 was subsequently reinstated and flown as Space Transportation System (STS)-125 because of improvements in the ascent debris environment, the development of techniques for astronauts to perform on orbit repairs to damaged thermal protection, and the development of a strategy to provide a viable crew rescue capability. However, leading up to the launch of STS-125, the viability of the HST crew rescue capability was a recurring topic. For STS-125, there was a limited amount of time available to perform a crew rescue due to limited consumables (power, oxygen, etc.) available on the Orbiter. The success of crew rescue depended upon several factors, including when a problem was identified; when and what actions, such as powering down, were begun to conserve consumables; and where the Launch on Need (LON) vehicle was in its ground processing cycle. Crew rescue success also needed to be weighed against preserving the Orbiter s ability to have a landing option in case there was a problem with the LON vehicle. This paper focuses on quantifying the HST mission loss of crew rescue capability using Shuttle historical data and various power down strategies. Results from this effort supported NASA s decision to proceed with STS-125, which was successfully completed on May 24th 2009

Development of NASA's Accident Precursor Analysis Process Through Application on the Space Shuttle Orbiter

Accident Precursor Analysis (APA) serves as the bridge between existing risk modeling activities, which are often based on historical or generic failure statistics, and system anomalies, which provide crucial information about the failure mechanisms that are actually operative in the system. APA docs more than simply track experience: it systematically evaluates experience, looking for under-appreciated risks that may warrant changes to design or operational practice. This paper presents the pilot application of the NASA APA process to Space Shuttle Orbiter systems. In this effort, the working sessions conducted at Johnson Space Center (JSC) piloted the APA process developed by Information Systems Laboratories (ISL) over the last two years under the auspices of NASA's Office of Safety & Mission Assurance, with the assistance of the Safety & Mission Assurance (S&MA) Shuttle & Exploration Analysis Branch. This process is built around facilitated working sessions involving diverse system experts. One important aspect of this particular APA process is its focus on understanding the physical mechanism responsible for an operational anomaly, followed by evaluation of the risk significance of the observed anomaly as well as consideration of generalizations of the underlying mechanism to other contexts. Model completeness will probably always be an issue, but this process tries to leverage operating experience to the extent possible in order to address completeness issues before a catastrophe occurs

Large Satellite Bus Reliability

NASA is proposing to build a small space station in Cis-lunar orbit called Deep Space Gateway (DSG). At the heart of the DSG is the Power and Propulsion Element (PPE) which is conceptually similar to previously designed and operated satellite buses. A satellite bus is composed of the satellite spacecraft infrastructure minus the payload, and generally includes power, propulsion, avionics, and guidance, navigation and control. In November of 2017, five companies were awarded contracts by NASA to research PPE designs. In order to better understand the reliability of large satellite buses which may be the starting point of the PPE, NASA used Weibull analysis to evaluate spacecraft with similar masses and design life to the PPE. In addition, a subset of the large satellites which had satellite buses manufactured by any one of the five companies was also evaluated. This paper provides the results of the reliability analysis and compares the reliability of the general population of large satellites to the reliability associated with large satellite buses manufactured by the five companies currently studying PPE options

Shuttle Risk Progression by Flight

Understanding the early mission risk and progression of risk as a vehicle gains insights through flight is important: . a) To the Shuttle Program to understand the impact of re-designs and operational changes on risk. . b) To new programs to understand reliability growth and first flight risk. . Estimation of Shuttle Risk Progression by flight: . a) Uses Shuttle Probabilistic Risk Assessment (SPRA) and current knowledge to calculate early vehicle risk. . b) Shows impact of major Shuttle upgrades. . c) Can be used to understand first flight risk for new programs

2009 Space Shuttle Probabilistic Risk Assessment Overview

Loss of a Space Shuttle during flight has severe consequences, including loss of a significant national asset; loss of national confidence and pride; and, most importantly, loss of human life. The Shuttle Probabilistic Risk Assessment (SPRA) is used to identify risk contributors and their significance; thus, assisting management in determining how to reduce risk. In 2006, an overview of the SPRA Iteration 2.1 was presented at PSAM 8 [1]. Like all successful PRAs, the SPRA is a living PRA and has undergone revisions since PSAM 8. The latest revision to the SPRA is Iteration 3. 1, and it will not be the last as the Shuttle program progresses and more is learned. This paper discusses the SPRA scope, overall methodology, and results, as well as provides risk insights. The scope, assumptions, uncertainties, and limitations of this assessment provide risk-informed perspective to aid management s decision-making process. In addition, this paper compares the Iteration 3.1 analysis and results to the Iteration 2.1 analysis and results presented at PSAM 8

"Making Safety Happen" Through Probabilistic Risk Assessment at NASA

NASA is using Probabilistic Risk Assessment (PRA) as one of the tools in its Safety & Mission Assurance (S&MA) tool belt to identify and quantify risks associated with human spaceflight. This paper discusses some of the challenges and benefits associated with developing and using PRA for NASA human space programs. Some programs have entered operation prior to developing a PRA, while some have implemented PRA from the start of the program. It has been observed that the earlier a design change is made in the concept or design phase, the less impact it has on cost and schedule. Not finding risks until the operation phase yields much costlier design changes and major delays, which can result in discussions of just accepting the risk. Risk contributors identified by PRA are not just associated with hardware failures. They include but are not limited to crew fatality due to medical causes, the environment the vehicle and crew are exposed to, the software being used, and the reliability of the crew performing required actions. Some programs have entered operation prior to developing a PRA, and while PRA can still provide a benefit for operations and future design trades, the benefit of implementing PRA from the start of the program provides the added benefit of informing design and reducing risk early in program development. Currently, NASAs International Space Station (ISS) program is in its 20th year of on-orbit operations around the Earth and has several new programs in the design phase preparing to enter the operation phase all of which have active (or living) PRAs. These programs incorporate PRA as part of their Risk-Informed, Decision-Making (RIDM) process. For new NASA human spaceflight programs discussion begins with mission concept, establishing requirements, forming the PRA team, and continues through the design cycles into the operational phase. Several examples of PRA related applications and observed lessons are included