Space Shuttle abort modes

From Wikipedia, the free encyclopedia

A Space Shuttle abort is an emergency procedure due to equipment failure on NASA's Space Shuttle, most commonly during ascent. A main engine failure is a typical abort scenario. There are fewer abort options during reentry and descent. For example, the Columbia disaster happened during reentry, and there were no alternatives in that portion of flight.

Later in descent certain failures are survivable, although not usually classified as an abort. For example, a flight control system problem or multiple auxiliary power unit failure could make reaching a landing site impossible, thus requiring astronauts to bail out over the ocean.

1 Ascent abort modes
2 Post-Challenger abort enhancements
3 Ejection escape systems
4 See also
5 References
6 External links

[edit] Ascent abort modes

There are five abort modes available during ascent, in addition to pad (RSLS) aborts. These are classified as intact aborts and contingency aborts.^[1] The choice of abort mode depends on how urgent the situation is, and what emergency landing site can be reached. The abort modes cover a wide range of potential problems, but the most commonly expected problem is Space Shuttle main engine (SSME) failure, causing inability either to cross the Atlantic or to achieve orbit, depending on timing and number of failed engines. Other possible non-engine failures possibly necessitating an abort include multiple auxiliary power unit (APU) failure, cabin leak, and external tank leak (ullage leak).

[edit] Redundant Set Launch Sequencer (RSLS) Abort

The SSMEs are ignited roughly 6.6 seconds before liftoff. From that point to ignition of the Solid Rocket Boosters at T - 0 seconds, the SSMEs can be shut down. This is called a "Redundant Set Launch Sequencer Abort", and has happened five times, on STS-41-D, STS-51-F, STS-51, STS-55, and STS-68. It has always happened under computer (not human) control, caused by computers sensing a problem with the SSMEs after starting but before the SRBs ignite. The SRBs cannot be turned off once ignited, and afterwards the shuttle is committed to take off. No abort options exist from the ignition of the SRBs until their burnout 123 seconds later.^[2]

[edit] Intact abort modes

There are four intact abort modes, only one of which (ATO) has ever occurred. Intact aborts are designed to provide a safe return of the orbiter to a planned landing site.

Return To Launch Site (RTLS) — the Shuttle continues downrange until the solid rocket boosters are jettisoned. It then pitches around, so the SSMEs are firing roughly against the line of travel. This maneuver occurs in a near vacuum above the appreciable atmosphere and is conceptually no different from the OMS engines firing against the line of travel to de-orbit. The main engines continue burning until downrange velocity is killed and the vehicle is headed back toward the launch site at sufficient velocity to reach a runway. Then the SSMEs are stopped, the external tank is jettisoned, and the orbiter makes a normal gliding landing on the runway at Kennedy Space Center about 25 minutes after lift-off. The CAPCOM calls out the point in the ascent at which an RTLS becomes no longer possible as "negative return," approximately four minutes after lift-off.

Transoceanic Abort Landing (TAL) — involves landing at a predetermined location in Africa or western Europe about 45 minutes after lift-off. Used when velocity, altitude and distance downrange do not allow return to the launch point via RTLS. Also used when a less time-critical failure does not require the faster but possibly more stressful RTLS abort.

Abort Once Around (AOA) — available when the shuttle cannot reach a stable orbit but has sufficient velocity to circle the earth once and land, about 90 minutes after lift-off. The time window for using the AOA abort is very short – just a few seconds between the TAL and ATO abort opportunities. Therefore, taking this option would be very rare.

Abort to Orbit (ATO) — available when the intended orbit cannot be reached but a lower stable orbit is possible. This occurred on mission STS-51-F, which continued despite the abort to a lower orbit. A hydrogen fuel leak on STS-93 resulted in a slightly lower orbit than anticipated, but was not an ATO; if the leak had been more severe, it may have necessitated an ATO, RTLS or TAL abort. The moment at which an ATO becomes possible is referred to as the "press to ATO" moment.

Abort panel on Space Shuttle Challenger. Taken during STS-51-F.

Aborts are usually initiated by the communications call from NASA's Mission Control: "abort xxx", where xxx is the specific abort mode (RTLS, TAL, AOA, ATO). For example, during the STS-51-F mission, the Mission Control Center in Houston (located at Lyndon B. Johnson Space Center) observed an SSME failure and called "Challenger--Houston, Abort ATO. Abort ATO". The spacecraft commander then rotates the cockpit abort mode switch to the ATO position and depresses the abort push button. This initiates the flight control software routines which handle the abort. In the event of lost communications, the spacecraft commander can make the abort decision and take action independently.

A TAL abort would be declared between roughly T+2:30 minutes (liftoff plus 2 minutes, 30 seconds) and Main Engine Cutoff (MECO), about T+8:30 minutes. The Shuttle would then land at a predesignated friendly airstrip in Europe. The three present TAL sites are Istres Air Base in France, and Zaragoza or Morón air bases, both in Spain. Prior to a Shuttle launch, two of them are selected depending on the flight plan, and staffed with standby personnel in case they are used. The list of TAL sites has changed over time; most recently Ben Guerir Air Base in Morocco was eliminated due to possible attack concerns. Past TAL sites have included Mallam Aminu Kano International Airport, Kano, Nigeria; Mataveri International Airport, Easter Island (for Vandenberg launches); Rota, Spain; Casablanca, Morocco; and Dakar, Senegal.

[edit] Emergency landing sites

Emergency landing sites for the Orbiter include:^[3]

Lajes (Portugal),
Beja (Portugal),
Keflavík (Iceland),
Shannon International Airport (Ireland),
RAF Fairford (United Kingdom),
Köln Bonn Airport (Germany),
Airport Manching near Munich (Germany),
Ankara (Turkey),
Banjul (Gambia),
Riyadh (Saudi Arabia),
Edwards Air Force Base, California (United States),
Diego Garcia (British Indian Ocean Territory),
Gander International Airport, Gander, Newfoundland (Canada),
Montreal/Mirabel International Airport, Mirabel (near Montreal), Quebec (Canada),
Royal Australian Air Force Base Amberley, near Brisbane, Australia
White Sands Missile Range, White Sands, New Mexico (United States)
Bangor International Airport, Bangor, Maine (United States)
Orlando International Airport, Orlando, Florida (United States)
Stewart Air National Guard Base,Newburgh, New York (United States)
Lincoln Airport, Lincoln, Nebraska (United States)

In the event of an emergency deorbit that would bring the Orbiter down in an area not within range of a designated emergency landing site, the Orbiter is theoretically capable of landing on any paved runway that is at least 3 km long, which includes the majority of large commercial airports. (In practice, a US military airfield would probably be preferred for reasons of security arrangements and minimizing the disruption of commercial air traffic.)

There is an order of preference for abort modes. ATO is the preferred abort option whenever possible. TAL is the preferred abort option if the vehicle has not yet reached a speed permitting the ATO option. AOA would only be used in the brief window between TAL and ATO options. RTLS results in the quickest landing of all abort options, but is considered the riskiest abort. Therefore it is selected only in cases where the developing emergency is so time-critical the other aborts aren't feasible, or in cases where the vehicle has insufficient energy to reach the other aborts.

Unlike all previous U.S. manned launch vehicles, the shuttle never flew unmanned test flights. To provide an incremental non-orbital manned test, NASA considered making the first mission an RTLS abort. However STS-1 shuttle commander John Young declined, saying "let's not practice Russian roulette".^[4]

[edit] Contingency aborts

Contingency aborts are designed to permit flight crew survival following more severe failures when an intact abort is not possible. A contingency abort would generally result in a ditch operation.

Were the Orbiter unable to reach a runway, it could ditch in water, or could land on terrain other than a landing site. It would be unlikely for the flight crew still on board to survive. However, for ascent abort scenarios where controlled gliding flight is achievable, a bailout is possible. For more details, see "Post-Challenger abort enhancements" below.

In the two disasters, things went wrong so fast that little could be done. In the case of Challenger, the Space Shuttle Solid Rocket Boosters were still burning as they tore free from the rest of the stack, one likely impacting the external tank. The orbiter disintegrated almost instantly from aerodynamic stresses as the stack broke up. The Columbia disaster occurred high in the atmosphere during reentry. Even if the crew had been able to bail out, they would have been killed by the heat generated at hypersonic velocities.

[edit] Post-Challenger abort enhancements

Before the Challenger disaster, STS-51-L, very limited ascent abort options existed. Only a single SSME failure was survivable prior to about 350 seconds into the ascent. Two or three failed SSMEs prior to that would mean loss of crew and vehicle (LOCV), since no bailout option existed. Two or three failed SSMEs while the SRBs are firing would have probably overstressed the struts attaching the orbiter to the external tank, causing vehicle breakup. For that reason, a Return To Launch Site (RTLS) abort wasn't possible for two or three failed SSMEs. Studies showed an ocean ditching was not survivable. Furthermore losing a second or third SSME almost anytime during an RTLS abort was a LOCV.

After STS-51-L, numerous abort enhancements were added. A two-out SSME is now survivable for the crew throughout the ascent, and the vehicle could survive and land for large portions of the ascent. A three-out SSME is survivable for the crew for most of the ascent, although three failed SSMEs before T+90 seconds is questionable. However it is conceivable that a three-out SSME just after liftoff might be survivable, since the SRBs provide enough thrust and steering authority to continue the ascent until a bailout or RTLS. The struts attaching the orbiter to the external tank were strengthened to better endure a multiple SSME failure.

A significant enhancement was bailout capability. This is not ejection as with a fighter plane, but an Inflight Crew Escape System (ICES). The vehicle is put in a stable glide on autopilot, the hatch is blown, and the crew slides out a pole to clear the orbiter's left wing. They would then parachute to earth or the sea. While this may at first appear only usable under rare conditions, in actuality there are many failure modes where reaching an emergency landing site isn't possible yet the vehicle is still intact and under control. Before the Challenger disaster, this almost happened on STS-51-F when a single SSME failed at about T+345 seconds. The orbiter in that case was Challenger. A second SSME almost failed due to a spurious temperature reading, inhibited only by a quick-thinking flight controller. If the second SSME failed within about 20 seconds of the first, there would have been insufficient energy to cross the Atlantic. Without bailout ability the entire crew would have been lost. After the Challenger loss, those types of failures are survivable. To facilitate high altitude bailouts, the crew now wears Advanced Crew Escape Suits during ascent and descent. Before the Challenger disaster, crews for operational missions wore only fabric flight suits.

Another post-Challenger enhancement was East Coast Abort Landings (ECAL). High inclination launches (all ISS missions) can now reach an emergency runway on the East Coast of the United States under certain conditions.

An ECAL abort is similar to RTLS, but instead of the Orbiter landing at the Kennedy Space Center, it would attempt to land at another site along the east coast of North America. Various emergency landing sites extend from South Carolina and Bermuda up into Newfoundland, Canada. ECAL is a contingency abort that is less desirable than an intact abort, primarily because there is so little time to choose the landing site and prepare for the Orbiter's arrival. The ECAL emergency sites are not as well equipped to accommodate an Orbiter landing.[1]

Numerous other abort refinements were added, mainly involving improved software for managing vehicle energy in various abort scenarios. These enable a greater chance of reaching an emergency runway for various SSME failure scenarios.

[edit] Ejection escape systems

An ejection escape system, sometimes called a launch escape system, has been discussed many times for the shuttle. After the Challenger and Columbia losses, great interest was expressed in this. All previous US manned space vehicles had launch escape systems, although none were ever used. Modified Lockheed SR-71 ejection seats were installed on the first four shuttle flights (all two-man missions aboard OV-102), and removed afterward. Ejection seats were not further developed for the shuttle for several reasons:

Very difficult to eject seven crew members when three or four are on the middeck (roughly the center of the forward fuselage), surrounded by substantial vehicle structure.
Limited ejection envelope. Ejection seats only work up to about 3,400 mph (2,692 knots) and 130,000 feet (39,624 m). That constitutes a very limited portion of the shuttle's operating envelope, about the first 100 seconds of the 8.5 minute powered ascent.
No help during Columbia-type reentry accident. Ejecting during a reentry accident would be fatal due to the high temperatures and wind blast at high Mach speeds.

An alternative to ejection seats is an escape crew capsule or cabin escape system where the crew ejects in protective capsules, or the entire cabin is ejected. Such systems have been used on several military aircraft. The B-58 Hustler and XB-70 Valkyrie used capsule ejection. Certain versions of the General Dynamics F-111 and Rockwell B-1 bomber used cabin ejection.

Like ejection seats, capsule ejection for the shuttle would be difficult because no easy way exists to exit the vehicle. Several crewmembers sit in the middeck, surrounded by substantial vehicle structure.

Cabin ejection would work for a much larger portion of the flight envelope than ejection seats, as the crew would be protected from temperature, wind blast, and lack of oxygen or vacuum. In theory an ejection cabin could be designed to withstand reentry, although that would entail additional cost, weight and complexity. Cabin ejection was not pursued for several reasons:

Major modifications required to shuttle, likely taking several years. During much of the period the vehicle would be unavailable.
Cabin ejection systems are heavy, thus incurring a significant payload penalty.
Cabin ejection systems are much more complex than ejection seats. They require devices to cut cables and conduits connecting the cabin and fuselage. The cabin must have aerodynamic stabilization devices to avoid tumbling after ejection. The large cabin weight mandates a very large parachute, with a more complex extraction sequence. Air bags must deploy beneath the cabin to cushion impact or provide flotation. To make on-the-pad ejections feasible, the separation rockets would have to be quite large. In short, many complex things must happen in a specific timed sequence for cabin ejection to be successful, and in a situation where the vehicle might be disintegrating. If the airframe twisted or warped, thus preventing cabin separation, or debris damaged the landing airbags, stabilization, or any other cabin system, the occupants would likely not survive.
Added risk due to many large pyrotechnic devices. Even if not needed, the many explosive devices needed to separate the cabin entail some risk of premature or uncommanded detonation.
Cabin ejection is much more difficult, expensive and risky to retrofit on a vehicle not initially designed for it. If the shuttle was initially designed with a cabin escape system, that might have been more feasible.
Cabin/capsule ejection systems have a spotty success record, likely because of the complexity.

[edit] See also

v • d • e Space Shuttle program

Main articles	Space Shuttle · Space Shuttle program

Components	Orbiter · Solid Rocket Booster · External Tank · Main Engines · Orbital Maneuvering System

Orbiters	Enterprise · Columbia · Challenger · Discovery · Atlantis · Endeavour

Launch sites	Kennedy Space Center LC-39 · Vandenberg Air Force Base · SLC-6

Landing sites	Shuttle Landing Facility · Edwards Airforce Base · White Sands Space Harbor · Abort Landing Sites

Developments	Shuttle-Derived Launch Vehicle · Shuttle-C · Ares I · Ares V

Testing	Pathfinder · MPTA · MPTA-ET · ALT

Other articles	Missions (cancelled) · Decision to build · Crews · Abort modes · Space shuttles in fiction · Crawler-transporter · Shuttle Carrier Aircraft · Space Shuttle America (motion simulator ride) · Space Shuttle Explorer (shuttle replica)