Safe mode (spacecraft)

For the computer operating system mode, see Safe mode (computer operating systems).

Safe mode is an operating mode of a modern spacecraft during which all non-essential systems are shut down and only essential functions such as thermal management, radio reception and attitude control are active.[1]

Triggering events

Safe mode is entered automatically upon the detection of a predefined operating condition or event that may indicate loss of control or damage to the spacecraft. Usually the trigger event is a system failure or detection of operating conditions considered dangerously out of the normal range. Cosmic rays penetrating spacecraft electrical systems can create false signals or commands and thus cause a trigger event. The central processor electronics are especially prone to such events.[2] Another trigger is the lack of a received command within a given time window. Lack of received command can come from hardware failures or missprogramming the spacecraft, the Viking_1 lander for example.

Entry

The process of entering safe mode, sometimes referred to as safing,[3] involves a number of immediate physical actions taken to prevent damage or complete loss. Power is removed from non-essential subsystems. Regaining attitude control, if lost, is the highest priority because it is necessary to maintain thermal balance and proper illumination of the solar panels.[1] A tumbling or cartwheeling spacecraft can quickly roast, freeze or exhaust its battery power and be lost forever.[4]

In safe mode

While in safe mode the preservation of the spacecraft is the highest priority. Typically all non-essential systems, such as science instruments, are shut down. The spacecraft attempts to maintain orientation with respect to the Sun for illumination of solar panels and for thermal management. The spacecraft then awaits radio commands from its mission control center monitoring for signals on its low-gain omnidirectional antenna. Exactly what happens while in safe mode is dependent on the spacecraft design and its mission.[2]

Recovery

Recovery from safe mode involves reestablishing communication between the spacecraft and mission control, downloading any diagnostic data and sequencing power back on to the various subsystems to resume the mission. The recovery time can be anywhere from a few hours to days or weeks depending on the difficulty in reestablishing communications, conditions found on the spacecraft, distance to the spacecraft and the nature of the mission.[5]

Suppression

A spacecraft's ability to enter safe mode may be suppressed during crucial spacecraft operations (such as the orbit insertion maneuver of the Cassini spacecraft at Saturn), during which – if a critical failure were to occur – most, if not all, of the mission objectives would be lost anyway.[3]

Manual entry

On occasion, a spacecraft is placed in safe mode deliberately by mission control, as the Spirit rover was on sol 451.[6]

Modern incidents

2005

2007

2009

2015

Incidents resulting in spacecraft loss or near loss

Notes

The term safing is also used to describe the process of rendering a weapon inactive (safe).[21]

References

  1. 1 2 "Recovery of a Spacecraft from Sun-Safe Mode Using a Fanbeam Antenna" (PDF). Spacecraft and Rockets 37 (6). November–December 2000.
  2. 1 2 "Planning for the Un-plannable: Redundancy, Fault Protection, Contingency Planning and Anomaly Response for the Mars Reconnaissance Orbiter Mission" (PDF). AIAA SPACE 2007 Conference & Exposition. 18–20 September 2007.
  3. 1 2 3 Cassini Spacecraft Safing
  4. 1 2 "SOHO Mission Interruption Preliminary Status and Background Report". July 15, 1998. Retrieved 2006-08-17.
  5. 1 2 "The PI's Perspective: Trip Report". NASA/Johns Hopkins University/APL/New Horizons Mission. 2007-03-27. Retrieved 2009-08-05.
  6. 1 2 "Spirit Updates 2005". NASA/JPL. Archived from the original on 2007-08-23. Retrieved 2009-08-18.
  7. "Spirit Updates 2006". NASA/JPL. Archived from the original on 2007-08-23. Retrieved 2009-08-18.
  8. "Spirit Updates 2007". NASA/JPL. Archived from the original on 2009-04-13. Retrieved 2009-08-18.
  9. Tariq Malik (August 8, 2009). "Powerful Mars Orbiter Switches to Backup Computer". SPACE.com. Retrieved 2009-08-18.
  10. "Orbiter in Safe Mode Increases Communication Rate". NASA/JPL. August 28, 2009. Archived from the original on 2011-06-11. Retrieved 2009-08-31.
  11. "Spacecraft Out of Safe Mode". NASA/JPL. December 8, 2009. Archived from the original on 2011-06-11. Retrieved 2009-12-23.
  12. "2009 July 7 Mission Manager Update". NASA. 2009-07-07. Archived from the original on 2009-06-11. Retrieved 2009-07-08.
  13. "Dawn Receives Gravity Assist from Mars". NASA/JPL. 2009-02-28. Archived from the original on 2004-10-16. Retrieved 2009-08-04.
  14. "MESSENGER Gains Critical Gravity Assist for Mercury Orbital Observations". MESSENGER Mission News. September 30, 2009. Retrieved 2009-09-30.
  15. Gipson, Lillian (6 July 2015). "NASA’s New Horizons Plans July 7 Return to Normal Science Operations". National Aeronautics and Space Administration (NASA). Retrieved 6 July 2015.
  16. Nancy G. Leveson (2004). "The Role of Software in Spacecraft Accidents" (PDF). Spacecraft and Rockets 41 (4): 564–575. Bibcode:2004JSpRo..41..564L. doi:10.2514/1.11950.
  17. "The NEAR Rendezvous Burn Anomaly of December 1998" (PDF). Final Report of the NEAR Anomaly Review Board. November 1999. Retrieved 2009-08-18.
  18. "Report Reveals Likely Causes of Mars Spacecraft Loss" (Press release). NASA. 13 April 2007. Retrieved 2009-07-10.
  19. Geraint Jones (3 October 2014). "Space, the financial frontier – how citizen scientists took control of a probe". The Conversation. Retrieved 16 January 2016.
  20. Keith Kowing (25 September 2014). "ISEE-3 is in Safe Mode". Space College. Retrieved 15 January 2016.
  21. "safing". Dictionary.com. Retrieved 2009-08-18.
This article is issued from Wikipedia - version of the Friday, February 12, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.