Risk Assessment Challenges in the Ares I Upper Stage

James E. 8tott(1), Robert W. Ring(2), Hassan A. Elrada(2), & Frank Hark(2)

(I)NASA Marshall Space Flight Center Safety and Mission Assurance Directorate QD10, MSFC, AL USA, Email:James.E.Stottra),NASA.gov

(2)Hernandez Engineering Inc., NASA Marshall Space Flight Center HE!, MSFC, AL USA, Email:Robert. W.Ring@NASA.gov, Hassan.A.E/radaraJNASA.gov, and Frank Hark-/(jj),NASA.gov

ABSTRACT [1]

NASA Marshall Space Flight Center (MSFC) is currentlyat work developing hardware and systems for the Ares Irocket that will send future astronauts into orbit. Built oncutting-edge launch technologies, evolved powerfulApollo and Space Shuttle propulsion elements, anddecades of NASA spaceflight experience, Ares I is theessential core of a safe, reliable, cost-effective spacetransportation system -- one that will carry crewedmissions back to the moon, on to Mars and out into thesolar system.

Ares I is an in-line, two-stage rocket configurationtopped by the Orion crew vehicle and its launch abortsystem. In addition to the vehicle's primary mission -­carrying crews of four to six astronauts to Earth orbit -­Ares I may also use its 25-ton payload capacity to deliverresources and supplies to the International Space Station,or to "park" payloads in orbit for retrieval by otherspacecraft bound for the moon or other destinations.Crew transportation to the International Space Station is

... planned to begin no later than 2014. The first lunarexcursion is scheduled for the 2020 tirneframe.

This paper presents the challenges in designing the Ares Iupper stage for reliability and safety while minimizingweight and maximizing performance. 1.1

Figure 1.1 Concept Launch ofAres I

First Stage

1. INTRODUCTION [1]

NASA is currently designing, testing, and evaluatinghardware for the Ares I Crew Launch Vehicle (CLV)(Fig. 1.1), the next generation vehicle that will carryhumans into Earth's orbit and beyond. Ares I is an in­line, two-stage rocket configuration topped by the Orioncrew exploration vehicle, its service module and a launchabort system. The Ares I CLV is separated into severalelement teams led by NASA Marshall Space FlightCenter in Huntsville, Alabama. These element teams arethe First Stage (FS), the Upper Stage Engine (USE), andthe Upper Stage (US). This section presents an overviewof these CLV elements.

The FS Element is a single, five-segment reusable solidrocket booster derived from the Space Shuttle Program.It has a Reusable Solid Rocket Motor (RSRM) that burnsa solid propellant called PolyButadiene AcryloNitrile(pBAN). A newly designed forward adapter will matethe FS to the US, and the US interstage wiJI be equippedwith booster separation motors to disconnect the stagesduring ascent. During the first 2.5 minutes of flight, thefIrst stage booster powers the vehicle to an altitude ofabout 200,000 feet and a speed ofMach 6.1.

ATK Thiokol of Brigham City, Utah, is the primecontractor for the first stage.

https://ntrs.nasa.gov/search.jsp?R=20070031695 2020-08-04T01:04:57+00:00Z

1.2 Upper Stage Engine entire CLV launch stack, as well as the separationsystems required to perform first stage separation [2].

The Upper Stage Engine, the J-2X (Fig. 1.2), is anevolved variation of the J-2 engine that propelled theSaturn lB/Saturn V, and the J-2S (the J-2S was asimplified version of the J-2 developed and tested in theearly 1970s but never flown). After the FS separates, theJ-2X engine ignites and powers the Orion to an altitudeof about 63 miles.

Pratt & Whitney Rocketdyne in Canoga Park, Calif., isthe prime contractor for the CLV upper stage engine.

The Upper Stage of the Ares I Crew Launch Vehicle isprimarily an in-house NASA design being led atMarshall Space Flight Center in Huntsville, Alabama.The following section presents a synopsis of the RiskAssessment process within the Upper Stage element.

2. UPPER STAGE RISK ASSESSMENTPROCESS

~

-. ,- r-.-,- ~

~.

'~ .., ..

"" . '"" ', --aJ" ~. ,-.." ,::::.. >'

~ ..

2.1 Organization

The Upper Stage Element organization (Fig. 2.1) is ledby an Upper Stage Office and each substructure under theUS Office is an Integrated Product Team (IPT). TheUpper Stage Safety and Mission Assurance (S&MA)organization operates adjunctively to the Upper StageOffice and is responsible for safety, reliability, quality,software assurance, and other mission assurancefunctions.

Concept Image of the J-2X engine.(NASAlMSFC)

Figure 1.2 Concept Image ofthe J-2X

1.3 Upper Stage

The function of the Upper Stage is to complete the,., second portion of the ascent phase after the First Stage

separates from the vehicle.

The CLV Upper Stage (US) is the portion of the CLVextending from the first stage forward frustum to theCrew Exploration Vehicle (CEV) adapter. The UpperStage consists of three major structural sections: theInstrument Unit, the Core Stage, and the Interstage. TheMain Propulsion System provides LOXILH2 fuel tanks,pressure system, and feedlines to the Upper Stage J2-Xengine. The Roll Control System (RoCS) performs rollstabilization control of the vehicle prior to FS separation,and the Upper Stage Reaction Control System (RCS)provides attitude control to the vehicle during UpperStage flight. The Upper Stage also provides ThrustVector Control (TVC) to the Upper Stage Engine. TheUpper Stage also provides control electronics for the

Figure 2. JUpper Stage Organization

The adjunctivity of the US S&MA organization and thenature of the IPT process requires reliability, safety, andquality engineers to be represented in each IPT. The IPTprocess then ensures that safety, reliability, and qualityare designed into the system.

2.2 Integrated Reliability,Maintainability, and Supportability(RMS) Analysis Process

The RMS Analysis Process consists of three sub­processes, the Reliability Analysis Process, theMaintainability Analysis Process, and the SupportabilityAnalysis Process (Fig. 2.2).

failures across subsystems. Sensitivity studies,uncertainty analysis, and scenario modeling will also beconducted within the integrated model and also at thelower level system models.

The reliability analysis within each IPT is of primaryimportance not only to the development of the models,but also for the feedback the analysis provides to thesystem designers. This feedback facilitates the processof influencing the design to make the system safer andmore reliable. Thus, it can be said that the real goal ofthe reliability analysis is to improve design by identifyinghigh probability failure modes and accident sequences,and mitigating those risks through system redesign.

2.2.1

Figure 2.2 Integrated RMS Process

The Reliability Analysis Process

2.2.1.1 Development of Reliability Modelswithin the IPT

The Reliability Analysis (RA) Process starts with inputsfrom the Failure Modes and Effects Analyses (FMEA),Hazard Analyses (HA), and Human Factors/SoftwareReliability Analyses when available. This information,along with the information obtained during systemfamiliarization within the IPT Process (i.e. systemschematics) prompts the IPT reliability analyst to begin abaseline logic model of the system. In parallel with thelogic model development, the reliability analyst collectsavailable data and begins to quantify the reliability logicmodel. The model is further refined within the IPTprocess, and ultimately generates estimates for Loss ofMission (LaM) and Loss of Crew (LaC). A flowdiagram of the Reliability Analysis process is shown inFig. 2.3.

A flowchart representing the Reliability Analysis processwithin each IPT is shown in Fig. 2.4. The process beginswith system familiarization and review of the currentFMEAs, HAs, system schematics, available data, etc.Groundrules and assumptions of the modeling and theinterpretation of system failures are then constructed anda preliminary model is developed. The system logicmodel, goundrules and assumptions, and data are thenreviewed with the design engineers. The model issubsequently updated and reiterated until the model hasIPT concurrence. To demonstrate concurrence, the IPTlead will sign a statement formally declaring that theReliability Analysis model has been concurred withwithin the IPT.

Figure 2.3 Reliability Analysis ProcessFigure 2.4 Reliability Analysis process within the IPT

----....~........-..._.-­.....'M

IPTProcess

...~.Otat-cll,...O.-inltlOn.......

Once the process of developing the logic models hasbegun within the IPT framework, the subsystem modelsare simultaneously integrated into a complete UpperStage model. The integrated model is then analyzed for

It should also be mentioned that, parallel to thedevelopment of the reliability logic model, reliabilityanalyses are performed during trade and fault tolerancestudies specific to that IPT. Depending upon the

outcome of these studies, the subsequent analyses arepotentially used as part of the system model.

2.2.2 _Tbe Maintainability AnalysisProcess VI PftA

(Top Down Analysis)

The inputs to the Maintainability Process consist ofoutputs from the Reliability Analysis Process (i.e. MeanTime To Failure (MTTF)), and information garneredfrom the Supportability Analysis Process regardingscheduled and unscheduled maintenance events. Theprocess performs maintenance analysis to define themaintenance activity flow. Outputs of this task includeMean Time To Repair (MTTR), maintenance taskdefinition, maintainability assessments, and maintenancecharacteristics.

/ "-'...-

EElemen~:As (Bottom up Analysis)

..-_ i'<!!'

U'A",Pf04:...

NASA Prime. ~onfl~~or.

CSVPU

AIlS lIIteglated PRA_....--

,\...... ,11<

The combination of the outputs of all three processeswithin the RMS Analysis will subsequently generatesystem Availability estimates.

3. INTEGRATED CREW LAUNCHVEmCLE PROBABILISTIC RISKASSESSMENT (PRA)

Supportability analysis is performed by the LogisticsSupport Integration (LSI) lPT. The MTTF, MTTR, andother related information garnered from the Reliabilityand Maintainability Analyses feed the SupportabilityAnalysis Process. The Supportability Analyses willprovide for the dynamic flow of interactions between theflight hardware, ground support equipment, processingpersonnel, and facilities.

The Upper Stage PRA, in conjunction with the FS andUSE PRAs, will be integrated by the S&MA VehicleIntegration Team. The Vehicle Integration (VI) PRAteam performs a top-down analysis which includesanalyses of ascent risk scenarios, abort modeling, and athorough review of relevant historical failures. The VIPRA team then relays this information to the elementReliability Analysis/PRA teams and the models andanalyses will incorporate this data and feed up to the VIteam. The subsequent PRA models will then merge intoan integrated PRA model for the Ares I launch vehicle.This analysis, combined with the PRA analysis of theOrion Crew Exploration Vehicle (CEV), integrate toform an integrated Crew Launch Vehicle (CLV) stackPRA. A flowchart of the CLV Integrated PRA approachis shown in Fig. 3.1.

Figure 3.1 Integrated CLV PRA Approach

4.1 Cballenge I: Being tbe Prime

4. CHALLENGES ANDOPPORTUNITIES

By taking the lead in the design of the Upper Stage forAres I, NASA is providing a unique opportunity to itsdesign team and to the Safety and Reliability engineerswithin S&MA. The Upper Stage Project has partneredwith S&MA to integrate both qualitative and quantitativereliability and risk assessment with the subsystem lPTsresponsible for Upper Stage design through concurrentengineering. This approach has already produceddemonstrated benefits by influencing the design forimproved reliability for several subsystems. In addition,it offers potential long-term benefits to NASA becausefuture project managers will be selected from today'sengineers who are getting the hands-on designexperience necessary to successfully manage thedevelopment of future space exploration systems.

Not since the Apollo Program in the 1960's has NASAbeen so influential in the design of a space transportationsystem. The Space Shuttle and other attempts at nextgeneration space transportation (Space Launch Initiative(SLl), Orbital Space Plane (aSp), etc.) relied on an opentrade space and the Request For Proposal (RFP) process.The FS and the USE have Prime contractors, which makesense in this context due to the continuity of thecontractors with the Shuttle/Saturn derived hardware.The Upper Stage however, is unique in the sense thatNASA is functioning as the 'Prime' contractor.

Supportability Analysis Process2.2.3

In-house design presents challenges as well asopportunities. The learning curve is very steep for theUpper Stage designers and systems engineers.Management needs to take this into consideration or elsethe projected budget and workforce have the potential ofbeing underestimated.

4.2 Challenge II: Tight Schedule

On May 25, 1961, President Kennedy announced:

"I believe that this nation should commit itself toachieving the goal, before this decade is out, of landing aman on the Moon and returning him safely to the Earth.No single space project in this period will be moreimpressive to mankind, or more important in the long­range exploration of space; and none will be so difficultor expensive to accomplish... "[3]

The first manned launch occurred in December 1968,carrying the Apollo 8 circumlunar mission.

Similarly, on January 14th, 2004 President Bush

announced the "Vision for Space Exploration" with oneof the goals being to develop and fly the CrewExploration Vehicle (CEV) by 2012, but no later than2014.

If the goal of 2012 is to be achieved, this would becomparable to the schedule of the development of theSaturn V. The evidence has shown that NASA hassuccessfully overcome this schedule challenge in the

... past. We therefore have the confidence in overcomingthis challenge today.

4.3 Challenge III: Communication,Coordination, and Integration

A third challenge is maintaining adequatecommunication and coordination within the IPTs andamong the several layers of the Constellationorganizational infrastructure. An approximatebreakdown of the current NASA structure in supportingthe Vision for Space Exploration in relation to the UpperStage Organization is as follows:

• Level 0- Vision for Space Exploration

• Levell- Exploration Systems Mission Directorate

• Level 2- Constellation Program

• Level 3- Ares I, Orion, etc.

• Level 4- Upper Stage, First Stage, etc.

• Level 5- MPS, RCS, etc.

The challenge from an Upper Stage viewpoint is tointegrate the level 5 system PRAs into an overallintegrated Upper Stage PRA, while attempting tomaintain consistency with the higher level Ares 1integrated PRA at Level 3. Assuring consistency ofPRAmethodology within the Upper Stage will not be adriving issue because it is being developed in house witha single team of analysts. However, NASA learned fromits development of the Space Shuttle PRA that it can bechallenging to ensure consistent methodology acrossmultiple contractors. This is particularly true regardingthe data analysis used in quantification of basic events,such as combining prior data sources, discountingfailures, assessing the applicability of failures, and theconsistent failure-rate analysis of similar componentsacross subsystems. Since the PRA will be used by the CxProgram to support risk-informed decision making and toallocate resources for risk mitigation across the program,it is imperative that risk be comparable.

5. CONCLUSION

Designing the Ares 1 Upper Stage for reliability andsafety while minimizing weight and maximizingperformance is indeed challenging. The reliability/ riskanalysis process described in this paper has been adoptedand employed in all aspects of the preliminary designphase to improve the reliability of the CLV and reducethe risk of loss of mission and loss of crew. This processwill iterate and evolve throughout the program's lifecycle from design, development, testing and operation ofthe CLV. The process has already proven valuable inidentifying preliminary design weaknesses that resultedin design improvements and higher reliability.

6. ACRONYMS

CEVCLVFMEAFSHAHEIIPTLH2LOCLOMLOXLSIMTTFMTTRMSFCNASAOSPPBANPRARARCSRoCSRFPRMSRSRMSLIS&MATVCUSUSEVI

Crew Exploration VehicleCrew Launch VehicleFailure Modes and Effects AnalysesFirst StageHazard AnalysisHernandez Engineering IncorporatedIntegrated Product TeamLiquid HydrogenLoss of CrewLoss ofMissionLiquid OxygenLogistics Support IntegrationMean T4ne To FailureMean Time To RepairMarshall Space Flight CenterNational Aeronautics and Space AdministrationOrbital Space PlanePolyButadiene AcryloNitrileProbabilistic Risk AssessmentReliability AnalysisReaction Control SystemRoll Control SystemRequest For ProposalReliability Maintainability and SupportabilityReusable Solid Rocket MotorSpace Launch InitiativeSafety and Mission AssuranceThrust Vector ControlUpper StageUpper Stage EngineVehicle Integration

.., 7. REFERENCES

I. "NASA Constellation Program: America's Fleet ofNext-Generation Launch Vehicles the Ares I CrewLaunch Vehicle", NASA MSFC, FS-2006-07-85­MSFC Pub 8-40598, July 2006.

2. Upper Stage (US) Design Analysis Cycle (DAC)-ICDesign Definitions Document (DDD).

3. John F. Kennedy, "Special Message to the Congress onUrgent National Needs", May 25 th

, 1961.