Impact of Quality in Orbital Science’s Human Spaceflight Programs Presented at the 20th Conference on Quality in the Space and Defense Industries Frank L. Culbertson Senior Vice President and Deputy General Manager Advanced Programs Group Agenda
Orion COTS/CRS SRQ&A Impact on Programs
2
Orion
3 Orion Launch Abort System Summary
LAS is Designed to Remove the Crew during a Launch Vehicle Failure While on the Pad Up to Nominal Jettison at Approximately 200 kft LAS Accomplishes this Mission Using Three Solid Motors Trajectory Optimization During the Abort Lightweight Composite Structures
4 PA-1 Mission
The PA-1 LAS has over 300 Instruments on It to Measure the Flight Environments During the Test Flight
PA-1 Mission: Demonstrate Pad Abort Capability
5 PA-1 Integration Complete
6 PA-1 Flight Test May 6, 2010 – Success!
•The Launch Abort System Developed for the Orion Crew Exploration Vehicle Was Successfully Tested on May 6, 2010. •The 97-second Flight Test Was the First Fully Integrated Test of the Launch Abort System Developed for Orion 7
COTS/CRS
8 Low Earth Orbit Transfer Operations
Drawing Upon Its 30 Years Of Satellite And Major Space Systems Development And Operations Experience, Orbital Sciences Corporation Has Embarked On A New Venture To Provide Low Earth Orbit Cargo Transfer Services To NASA’s ISS Program
• Under the joint NASA / Orbital Commercial Orbital Transportation Services (COTS) program, Orbital is Developing the “Cygnus” Advanced Maneuvering Space Vehicle, Which is Designed to Meet the Stringent Safety Requirements for International Space Station (ISS) Operations.
• The Cygnus Spacecraft Will Provide Cargo Resupply to the ISS Program under the Cargo Resupply Services Contract
9 International Space Station Overview The International Space Station is the largest and most complex international scientific project in history. Led by the United States, the International Space Station draws upon the scientific and technological resources of 16 nations: Canada, Japan, Russia, 11 nations of the European Space Agency, and Brazil
More than four times as large as the Russian Mir space station, the completed International Space Station will have a mass of about 472,000 kg. It will measure 356 feet across and 290 feet long, with almost an acre of solar panels to provide electrical power to six state-of-the-art laboratories.
The station is in an orbit with an altitude of approximately 400 km with an inclination of 51.6 degrees. The orbit provides excellent Earth observations with coverage of 85 percent of the globe and over flight of 95 percent of the population.
The ISS houses an international crew of 6.
10 2012 a Big Year For Cygnus and Antares
COTS Demo and CRS Orb-1 Spacecraft in Advanced Testing Thermal Vacuum Testing, Mechanical Environments for COTS Demo EMI/EMC Testing, Thermal Vacuum Testing and Mechanical Environments for Orb-1
Demo Software Ready for Final Joint Testing
Antares Forging Ahead with Significant Hardware Deliveries and Integration Activities for Test Launch and COTS Demo Launchers
Pad Turnover in Less Than 2 Months!
11 Update – Welcome Antares
PAYLOAD FAIRING • 3.9 meter diameter by 9.9 meter envelope • Composite Construction • Non-contaminating Separation Systems Designed to Provide STAGE 2 Versatile, Cost-effective • ATK CASTOR® 30/30B Solid Motor with Active Thrust Vectoring Access to Space for • Orbital MACH avionics module Medium-Class Payloads • Cold-gas 3-axis Attitude Control System
Currently Under Contract STAGE 1 to Support NASA • Liquid Oxygen/RP-1 fueled International Space Station • Two AJ26 engines with independent thrust vectoring (ISS) Re-supply Missions • 3.9 meter booster derived from heritage Zenit design
12 Antares Hardware Progress
Booster Main Engine Upper Stack System Upper Stack & st 1 Four Engines Cygnus Pathfinder Successfully Complete Hot-fire Tested @ Upper Stack Stennis Integration @ st 1 Three Engines Wallops Delivered to Wallops Avionics Testing Hot Fire Test Engines Complete Integrated into Engine Hot Fire and Test Flight Boosters Section Being Processed @ Wallops
CRS Launch Cores Delivered
ORB-1 Launch Booster Tankage Complete
13 Antares WFF Launch Site Progress
Horizontal Integration Launch Pad Infrastructure Facility Ramp & Flame HIF GSE Trench Complete Delivered Tanks Installed TEL Complete Deluge Tower Transporters Complete Available TEL Pathfinder On-Going
Structure Complete Interior Complete Occupancy 3/11
14 Wallops Launch Pad Nearing Completion
15 TEL Pathfinder Nov 2011 Featuring Rapid Retract and 2X Load Proof Test
16 Aft Bay Mated to Core for Pad Hot Fire
17 Engine 7 Acceptance Testing - 17 Nov 2011
18 Cygnus Service Modules for Demo and Orb-1 in Test at Dulles VA
Orbital Proprietary Information 19 Orb 1 Cygnus Service Module in EMI and TVAC Testing at Dulles VA
Orbital Proprietary Information 20 Pressurized Cargo Modules at Thales Alenia, Italy
21 Demo Mission Pressurized Cargo Module at Wallops Flight Facility
22 Service Module/Pressurized Cargo Module Fit Check
Phased Safety Review
24 COTS/CRS Safety Implementation Process
Cygnus safety requirements defined in the COTS Interface Requirements Document (IRD), with specific requirements for control of Catastrophic and Critical hazards Has been overriding consideration in Cygnus design trades, from inception of the program Redundancy in critical hardware functions
Follows “phased” safety review process with JSC/ISS Safety Review Panel (SRP) 3 Phases that correlate to spacecraft design maturity
First Review (Phase I) conducted in February 2009, with 80% of the SRP’s attention directed to the Cygnus “Collision” hazard report
Cygnus Phase II safety review (for detailed design phase) was successfully completed in November 2009
Follow-on reviews have been held to brief the SRP on design updates and testing issues
Phase III Review in progress All hazard reports but Collision have been presented to the Board Some hazard controls have been closed to the “Verification Test Log” – to be closed closer to flight
Phase I Lessons Learned
Show top-down approach to addressing system hazards Puts emphasis on System Engineering; de-emphasizes subsystem bottoms-up approach Show how causes logically map to the system architecture
Show that the Nominal Mission works and is safe End to end vehicle performance works and is safe (under nominal scenarios) Description of mission phases, including hardware required and performance criteria End-to-end description of sensor to effector control functions Analysis of error budgets (e.g. Trajectory, Navigation, Guidance, Control, Etc.) during approach to control trajectory dispersions Fault tolerant approach for each failure and error type
Avoid overreliance on heritage spacecraft hardware and software Can provide confidence in selected units, but must verify system requirements met for ISS Visiting Vehicles
Clearly demonstrate robustness of the Control Loop architecture Show separate, independent control paths for inhibits and controls Bias toward simplicity and control of hazard by design, as opposed to “reactive” controls
Phase I Lessons Learned (cont)
SAFE ABORT THRESHOLD Address Time-to-Effect •Minimize its application •Clarify the limited situations where we have A non- zero time-to-effect versus where prevention is BUDGET ALLOC utilized •Show by analysis our system time-to-effect FAULT DYNAMICS limitations, and that we are safe with our implementation (see next slides)
FDIR THRESHOLD Nominal Performance = expected system performance FDIR Threshold = trigger limit for a fault (value in SW) NOMINAL PERF Fault Dynamics = worst case vehicle motion upon hitting FDIR limit (where you really are by end of the response) Includes uncertainties, persistence, disable, switching, initialization, & transients Budget Allocation = budgeted performance including worst- case uncertainties and transitions Prefer to have larger than Fault Dynamics, but might not be in all cases Safe Abort Threshold = auto-abort
March 2010 Slide 27 Phase I Lessons Learned (cont) The Major Takeaways
Successful completion of the Safety process requires engagement of the entire engineering team! S&MA, Systems, Subsystem leads Safety design fully integrated into the System architecture Strong review role by Chief Engineer, Program Management and independent senior staff
Technical leadership must come from within the project Consultants and Engineering Support contractors can provide an important support and/or review role, but leadership must be within the project
Successful Safety program requires total integration of the S&MA and Engineering teams SRP Phase III Progress to Date
Date Event Products July 20 Data Drop: SRP Phase III Part 1 HRs • CYG-03, -04, -05, -09, -11, -14 2011 • Supporting Evidence August 12 Data Drop: CBCS Analysis / FDIR Design • CBCS Analysis 2011 • CBCS Hardware Analysis • CBCS Timing Analysis • FDIR Design Documents August 24-26 SRP TIM: CBCS Analysis / FDIR Review • Summary Presentation (dropped Aug 15) 2011 September 1 SRP III Part 1: Review of 6 HRs • Summary Presentation (dropped Aug 31) 2011 • July 20 Data Drop September 30 Data Drop: SRP Phase III Part 2 HRs • CYG-02, -06, -07, -08, -10, -12, -13, -15 2011 • Supporting Evidence October 18-20 SRP III Part 2: Review of 8 HRs • Summary Presentation (dropped Oct 14) 2011 • Vol 3 – Evidence Index (dropped Oct 14) • September 30 Data Drop November 8-9 SRP TIM: FDIR Design / CBCS Analysis Part 2 • Action Item Closure from Aug 24-26 Mtg 2011 • System Timeline and Operability Analysis • CBCS Analysis April 2012 Data Drop: SRP Phase III Part 3 HR • CYG-01 Collision • Supporting Evidence May 2012 SRP III Part 3: Review of 1 HR • Summary Presentation • Data Drop Status of Cygnus SRP III Hazard Reports
HR ID HR Title Meeting Status Notes
CYG-01 Collision SRP III Part 3 Not yet Submitted Planned to submit for SRP in 2012 Pending Orbital incorporation of CYG-02 Battery Explosion SRP III Part 2 Open comments from Battery Specialist and her approval voiced to the SRP CYG-03 Impact with Detached Equipment SRP III Part 1 Approved 2 verifications on VTL CYG-04 Impact with Moving Equipment SRP III Part 1 Approved 2 verifications on VTL CYG-05 Depressurization of ISS SRP III Part 1 Approved 9 verifications on VTL CYG-06 PCM Fire Event SRP III Part 2 Approved 8 verifications on VTL CYG-07 Propulsion Explosion SRP III Part 2 Approved 9 verifications on VTL CYG-08 Contamination, Toxicity, or Irrespirable Atmosphere SRP III Part 2 Approved 13 verifications on VTL CYG-09 External ISS Contamination SRP III Part 1 Approved 0 verifications on VTL Pending NASA review of Fracture CYG-10 Structural Failure SRP III Part 2 Open Control Plan, Report, and MUAs CYG-11 PCM Hull Fracture or Damage SRP III Part 1 Approved 4 verifications on VTL CYG-12 EVA Crew Hazards SRP III Part 2 Approved 8 verifications on VTL Pending NASA approval of a NASA CYG-13 IVA Hazards to Crew SRP III Part 2 Open generated NCR for acoustic noise CYG-14 Impact or Collision with Meteoroid or Debris SRP III Part 1 Approved 0 verifications on VTL Pending Orbital’s completion of SM CYG-15 Radiation from Natural or Induced Environments SRP III Part 2 Open EMI/EMC testing CYG-16 Ground Hazards during Integrated Operations SRP III Part 2 Approved 49 verifications on VTL
Reliability Lab
31 Background
76 Pressure Transducers (PT) have flown on similar Orbital Propulsion Subsystems 3 instances of PT output signal drift with PTs using pressure caps from Steel HT 3PX1 Root Cause for both confirmed failures attributed to material defects within the 304L Pressure Cap Steel Defects (Stringers) allowed leaks to propagate through pressure cap and into body cavity, which resulted in output signal drift No external leaks observed [postulated to be due to bar rolling orientation]
Leak Location Defect Details – Star-2 Unit Testing
Drifting unit removed from Star-2 and sent to Taber for evaluation/testing Testing included leak visual inspection, baseline characterization, leak and snoop – Leak testing confirmed an internal leak via presence of helium in the transducer evacuated chamber – Snoop/IPA bath testing grossly located the leak location in the pressure cap – Leak rate determined to be 5X10-6 scc/s GHe leak r Unit was then shipped back for DPA in Orbital’s Reliability Analysis Lab
Leak location
Bubble Traces Defect Details – Star-2 Unit Testing Orbital Testing Unit was received at Orbital and a “pie section” taken, centered around the suspected failure area Cross sectioning of the pie section proceeded very slowly to ensure that any “smoking gun” stringer was not bypassed Though no stringer was found to be planar and linearly continuous through the entire thickness, the suspected failure site had a high density of stringers that could have joined 3 dimensionally to traverse the entire thickness As described by Orbital’s RAL: “These images capture what would seem to be the most likely leakage path for this failure. In addition to the MnS stringers imaged, there is a rather long, contiguous silicate stringer that was persistent during sectioning in this area (can be seen to the lower right image) and was probably a contributor to the leakage path.”
Summary
35 Summary
Orbital has demonstrated its commitment to Quality in its Human Space Flight Programs Successful LAS Test COTS and CRS Progress Orbital Continues to Make Progress Toward Antares Test Launch and COTS Demonstration Mission Facilities at Wallops Nearing Completion Antares Hardware for First 3 Missions Either Integrated or Available for Integration Cygnus Spacecraft for First 2 Missions Completing Testing and Ready for Integration at Launch Site in May 2012 Schedule for Major Mission Milestones Firming Up Pad Turnover in Early April Pad First Stage Hot Fire in May Test Flight in June COTS Demo in September (Dependant on NASA approval)
36 Questions?