When the Challenger space shuttle ex-ploded 73 seconds after lift-off on
January 28, 1986, the tragedy stunned our nation. The worst disaster in the
history of our space program was televised live and replayed repeatedly
worldwide.†At first the public grieved, but as allegations of misconduct
were detailed by the media, many expressed outrage. Information became available
through NASA and the private sector only grudgingly, which created a perception
that engineers and mid-level NASA managers had disregarded potential hazards.
Reports of the disaster say that the O-rings failed. The unusually cold temperatures on the morning of the launch compromised the expandability of the O-rings. Upon ignition, hot propellant gases impinged on the primary O-rings and then penetrated both the primary and back-up O-rings. This gas permitted a flame to enter the external tank containing liquid hydrogen and oxygen. The resulting explosion destroyed the spacecraft and its seven occupants, including school teacher Christa McAuliffe.
Another look. Boston College sociology professor Diane Vaughan analyzes the events leading to the Challenger disaster in her book, The Challenger Launch Decision (University of Chicago Press, 1996), and probes further than other investigators. In the process, she rejects conventional excuses for the disaster.
Her research and investigation present an illuminating explanation which dismisses managerial wrong-doing or any singular act of negligent conduct. Instead, Dr. Vaughan examines the risk-accepting process itself, especially the decision-making process the day before the launch. During several teleconference discussions on the evening before the launch, Morton Thiokol engineers at first advised NASA officials against the launch but recanted later that night. Dr. Vaughan reexamines their recanted opposition.
However well-intentioned the investigative agencies were, they all had agendas. What they overlooked were the organizational cultures and structures. As all prior space flights succeeded, despite using O-rings that deviated from their original specification, the deviation became incrementally acceptable over time. In short, deviance became normalized thus becoming non-deviant.
Most striking is Dr. Vaughan's explanation of corporate misadventure through the sociology of mistake. No wanton, willful disregard of the consumer by corporate America occurred here. The study demonstrates how mistake, mishap, and disaster are socially organized and systematically produced by social structures. "The cause of the disaster was a mistake embedded in the (daily repetition of) organizational life and a complex culture," claims Dr. Vaughan. What makes this a universal topic for engineers is the discussion about negotiating risk versus benefit in design and production in the decision-making process. "We learn that harmful outcomes can occur in organizations constructed to prevent them as NASA was and can occur when people follow all the rules as NASA teleconference participants did."
Q: Did Dr. Vaughan come to any conclusions about how NASA could prevent such disasters in the future? Can complex organizations realistically make themselves failure-proof?
A: The last chapter of Dr. Vaughan's book sets out a number of actions which may decrease the prospects of such a disaster. However, while we can do things with the organization to make it better, it's impossible to completely avoid failure. Failure is built into the structure of an organization in the same way it's built into the structure of the technology. Given the probability for failures, as a society we need to seriously consider the consequences that we're willing to accept for these risky technologies. All of these technologies have costs and most of them are operated and manufactured by complex organizations that are also likely to fail.
Q: Was NASA more interested in cost than safety?
A: To the contrary, the NASA administrators had a history of making costly decisions in the interest of safety. They instituted a remarkably intricate system of checks and balances including four volumes of items they routinely checked. Launches were often delayed when technical or weather conditions threatened mission safety, notwithstanding the schedule and production pressures.
Q: Why wasn't the Challenger space flight equipped with an escape mechanism? Would such a mechanism have allowed the astronauts to survive?
A: This was considered by engineers of earlier designs but rejected. The decision makers concluded that a failure of the solid rocket boosters would occur on the launching pad or within the first two minutes of flight. A failure that early on in the launch meant that no abort procedures could save the crew.