Launcher out capability

Exploration architectures that include heavy-lift vehicles should be created so that no payload is developed that cannot also be launched on at least one other vehicle, like the Delta 4 Heavy. (credit: Boeing)

On August 17, 1943, seven B-17 bomber groups totaling 146 aircraft attacked Regensburg, Germany. By the time bombing commenced, fifteen of the bombers—over 10%—had already been lost. Nonetheless, the remaining bombers inflicted heavy damage on the target: despite the catastrophic losses of aircraft and crew, enough bombers got through the Luftwaffe’s defenses to successfully complete their assigned task. As is well-known, earth to orbit (ETO) space launch systems are not very reliable, though luckily their failure rates are not quite so poor as those of the B-17s over Regensburg. (The Regensburg raid losses were indeed very high—ultimately 24 of the bombers (16.4%) were lost—much higher than what was considered the maximum sustainable operational loss rate of 5%.) From the beginning of 1986 to mid-2008 there were 99 launch failures out of 1878 launches worldwide, for an overall failure rate of just over 5%. However, taken as a whole, the world’s fleet of launch vehicles was extremely reliable during that period with respect to the task of regularly delivering payloads to orbit. On average 79 successful flights happened per year, and there were fewer than a handful of instances for which the gap between successive payload deliveries exceeded one month, with the maximum gap being 35 days. The parable of the World War 2 bombing raids and the review of the last quarter-century of launch failures illustrate that an ensemble of hundreds or thousands of vehicles can achieve a goal despite poor reliability of the individual vehicles. If we consider the goal of regular delivery of payload to orbit, then we can consider the different launch vehicles to be redundant components. 
If a particular component has a 5% failure rate—one failure in 20 flights—then two statistically identical and independent components operating in parallel will have a 0.25% failure rate (1 in 400 flights) and three such components in parallel will have a 0.0125% (1 in 8000 flights) failure rate. Redundancy can enable high operational availability of the world fleet of ETO launchers despite poor component reliability of the individual launcher types. A launch vehicle failure can lead to a long standdown for that vehicle type, during which time failure analysis and required modifications must occur before the fleet returns to service. For example, on January 28, 1986, the Space Shuttle Challenger exploded shortly after launch and as a consequence, the Shuttle program was grounded and did not return to flight until Discovery launched 975 days later on September 29, 1988. Another 906-day gap occurred after Columbia’s failed reentry on February 1, 2003, with Discovery returning to flight on July 26, 2005. The Air Force, when embarking upon its Evolved Expendable Launch Vehicle (EELV) program in the 1980s, decided to fund the development of two launchers, the Atlas 5 and the Delta 4, both of which now launch critical national intelligence assets to orbit. “Assured Access to Space” was a driving factor behind the development of two EELV types: the Air Force and intelligence community did not want to be completely dependent upon one vehicle type, especially in light of the lower-than-expected Shuttle launch rate and the Challenger disaster. This ability to have more than one launch vehicle option was called a mixed fleet strategy and the scientific community also realized its importance. A letter to the NASA Administrator from the National Research Council in 1987 stated that: “…it is very important that the launch strategy for these missions be flexible and reliable. 
Provision of back up modes of launching these missions and identification of alternative launch windows in case of delays in the shuttle schedule should be undertaken to give the program margins of assurance that is vital to its success. … [A mixed fleet strategy] would… go a long way toward reducing uncertainties and difficulties related to shuttle delays, significantly reduce pressure on the shuttle launch schedule, and protect against single point failures.” Another prescient space policy document from 1989 states: “Single-point failures should be avoided where possible in programs as well as in physical systems. The decision to make the Shuttle our sole launch vehicle put a large, unnecessary single-point failure mode into the U.S. space program. Similarly, the decision to plan the Space Station so that it can be assembled and serviced only by the Shuttle puts the same single-point failure mode into the Station program.” In fact, the long standdown after the Columbia disaster did have deleterious impacts on the International Space Station (ISS) construction schedule, dependent upon the Shuttle as it was. Luckily, redundancy in ISS crew transport was provided by Soyuz during the standdown and ISS was not left uncrewed during that time. ISS logistics supply is now a model of redundancy: there are currently four options (Shuttle, Progress, ATV, and HTV) to deliver cargo to the ISS. If one of these logistics supply systems were to experience a failure and subsequent long standdown, then the three other delivery systems would likely be able to compensate for the loss in the meantime. Clearly, the quadruple-redundant logistics supply system to ISS is a much, much more robust system in the face of launch vehicle failures than was the early construction effort for ISS at the time of the Columbia disaster. 
In light of the discussion so far, let us now consider the concept of the heavy lift vehicle (HLV), an ETO launch vehicle such as Ares 5 or some other Shuttle-derived launcher. The Constellation program plans to use the unique capabilities of the Ares 5: the various components designed to be thrown by that launcher (e.g., the Earth Departure Stage (EDS), Altair) are very large, sized to use its heavy lift capabilities to the fullest, and are not capable of being launched on other existing, smaller launchers without modification. HLVs are expensive to develop and NASA’s current budgetary situation is such that if an HLV such as Ares 5 were actually funded and built, then it would be highly unlikely that there would be any money left over with which to build a second, independent HLV capability. The development of an HLV and the sizing of payloads to utilize the unique heavy-lift capabilities of that singular vehicle are antithetical to the redundancy and high operational availability concepts described in this essay. To develop a singular HLV and to size payloads that can be launched only on that system is, in simple terms, to put all of one’s eggs in a single basket: the sizing of payloads such that they can only be launched by Ares 5 makes the Ares 5 a single point of failure. Of course, NASA and its contractors would strive to design and build the HLV to be as reliable as possible given the budget with which they have to develop it. However, it is not unreasonable to think that an HLV might fail at some point and that there might be a very long failure analysis and mitigation program thereafter, just as has happened twice with the Shuttle program. 
By contrast, a collection of different medium-lift existing launch vehicles, such as Delta 4, Atlas 5, Ariane 5 ECA, and Proton, will not all collectively fail to regularly deliver payloads to orbit. Individual vehicle types might fail and require extensive downtime, but a system of multiple launch vehicles will not collectively suffer the same fate. Thus, from a reliability perspective, NASA’s recent intense focus on HLV development seems quite misplaced. This author proposes the following “Launcher-Out Rule” for consideration as an alternative to this HLV-centric focus: Launcher-Out Rule: In order to ensure high operational availability, even in the face of launch vehicle failures, NASA shall henceforth size each payload so that it is capable of being launched on at least two existing launch vehicles. Note that this Launcher-Out Rule does not preclude the development of future launch vehicles larger than those currently operational. What it does prevent is the sizing of payloads that can only be launched on the largest rocket available; it would be acceptable under this rule to have a new HLV in the fleet capable of carrying two or more payloads of sizes such that each could be launched on at least one other existing launch system. The Launcher-Out Rule would not prevent the development of Ares 5 per se, but would prevent the designing of any one payload item larger than that which could be carried on a Delta 4 Heavy. A conscious effort to hew to the Launcher-Out Rule will naturally increase focus on standard payload adapters and interfaces so that it is not onerous to retask a payload to potentially fly on launch vehicle B after the failure of the originally-planned launch vehicle A. Such planning can allow the migration of payloads to more reliable or less costly launchers which will ultimately appear over time. The Launcher-Out Rule restricts the sizing of payloads to the payload capability provided by the second-largest ETO launcher. 
Thus, in space architectures compliant with the proposed Launcher-Out Rule, the payloads launched would be smaller than in an HLV-dependent architecture designed to achieve similar tasks such as delivery of cargo and humans to beyond-LEO destinations. Architectures compliant with the Launcher-Out Rule would likely have orbital transfer vehicles, orbital assembly dockyards, or other extraterrestrial integration points (e.g., integrate on lunar surface or near a NEO), depots, telerobotics, EVAs, pre-positioning of supplies, and, in general, a larger number of smaller operations than in corresponding HLV architectures so as to compensate for the smaller launch vehicles used. It is true that each of these extraterrestrial operations has possibilities for failure. However, in-space glitches have the possibility of being diagnosed and fixed over time, whereas that is often not a possibility during the 8-10 minutes of terror the ascent of a launch vehicle entails. One anecdotal example of this ability to diagnose and fix problems over time is the initial failure of the Near Shoemaker probe to achieve orbital insertion around Eros on its first attempt in December 1998. The spacecraft began tumbling and communication was lost for 24 hours. As a consequence, the probe flew past Eros. However, contact was re-established and the probe successfully inserted into orbit around Eros in early 2000, more than a year after the first attempt, and the mission was ultimately successful. The presence of humans and telerobotic equipment can also mitigate some on-orbit failures. A famous example is the repair of Skylab and deployment of a sunshield in 1973 after extensive damage the station sustained during launch. 
Extra-vehicular activities (EVAs), while requiring extensive preparations, nonetheless have had good demonstrated safety: so far no one has died in the over 350 EVAs performed to date. Construction of ISS was significantly delayed and over-budget with respect to the original plan, and these facts left a very bad taste in the mouths of many. ISS construction was overly-dependent on the Shuttle. However, ISS is now nearly complete and full-complement crew operations have begun. Sunk costs are sunk, and it is this author’s hope that the space community will not ignore the positive lessons that ISS has to teach with respect to redundancy, for logistics and crew transport, as well as for the chance to see in action a system with the ability to fix problems at leisure using telerobotics and EVAs. The planned retirement of the Shuttle in 2010 or 2011 will cause at least a temporary loss of redundancy in crew transport to ISS, though it might well be the case that redundancy will eventually grow, including perhaps the Chinese, SpaceX’s Dragon, Orbital’s Cygnus, or other possibilities. There has been discussion of continuing the Shuttle beyond 2011 at a sharply reduced flight rate; from this essay it can be seen that one virtue of doing so would be to serve as a backup for Soyuz in case of a Soyuz failure. The proposed Launcher-Out Rule is not a new concept; for example, the following wording appears as Groundrule A-1 in the Space Transportation Architecture Study (STAS) from the late 1980s: “Viable architecture will be based on a mixed fleet concept for operational flexibility. 
As a minimum, two independent (different major subsystems) launch, upperstage and return to Earth (especially for manned missions) systems must be employed to provide assured access for the specific, high priority payloads designated in the mission model.” The words “independent (different major subsystems)” can help us to see a value that international partners can provide in large space architectures. Soyuz was not grounded at the same time that the Shuttle fleet was after the Challenger and Columbia disasters, and a future failure of, say, a Progress resupply vehicle would likely have no effect on the HTV’s ability to supply the stations. The fact that different nations developed their own independent launch capabilities has had the happy side effect of increasing redundancy, even though the original motivations (such as political or national pride goals) for developing those separate systems were far removed from reliability considerations. It might be the case that eventually there will be another failure of one of the logistics supply vehicle types supporting ISS operations. However, just as the loss of individual bombers over Regensburg did not cause the entire raid to fail, so too the loss of an individual supply vehicle is unlikely to jeopardize the overall success of ISS. Careful consideration of the operational availability implications of building an HLV—and becoming dependent upon it—versus the alternative of using a mixed fleet to achieve similar goals is warranted.