|
To assure that a similar hazard potential did not exist for the External Tank LOX tank pressurization system, its design and operational history were reviewed. While oxygen system (GO2) flow control valves had a similar exposure to environmentally induced high cycle fatigue, there was at least one key design difference. The GO2 poppet material is Monel, which is more ductile and tougher than GH2 poppet material [Ref. 3].
The final rationale behind the decision to launch STS-119 was based on the confidence that the eddy current testing would reveal any signs of cracking in the FCV valves (down to very small indications), and that crack growth/propagation analysis tools had concluded that the cracks below the detection level would not propagate to failure within the span of a single-flight operation [Ref. 5].
The STS-119 was successfully launched on March 15, 2009. Main fuel system performance during ascent indicated nominal hydrogen flow control valve performance. Within a few days after the orbiter's return, the hydrogen flow control valves were removed and inspected. No cracks were found in the initial inspection.
The shuttle program now has to address the longer-term use issue. Should the FCVs be redesigned to address the current design shortcomings? How quickly can that be done? The program has less than two years left. While picking the "best" hydrogen flow control valves may address the probability of debris being generated, it does not address the other component of risk — the effect. There are some members of the program team who continue to push for installation of special "doubler" plates to re-enforce the first 90-degree bend in the hydrogen piping, which is in the direct path of any released FCV debris. The objective is to increase the elbow's resistance to penetration by the debris (reducing the potential for line failure [leakage]). The challenge is to develop a design that is both effective and non-intrusive.
Understanding the effects of "aging" systems is not just a space shuttle program concern, nor even just a NASA agency-level effort. Concerns about military and commercial aircraft aging issues have grown during the past few years as many different aircraft have been subjected to extended operational lives.
The U.S. Air Force has done a number of studies on the challenges of operating aging aircraft in an operational force. In 1997, the National Research Council Committee on Aging of U.S. Air Force Aircraft issued a report that addressed the threat of structural deterioration of U.S. Air Force aircraft. Among its many conclusions and recommendations, it noted that "the inexorable increase in the number of fatigue-critical areas safe-rack-growth-designed structure and the potential for missing new areas as they develop" requires improvements in analysis techniques, supporting testing and "to improve NDE techniques that are sensitive enough to detect small cracks in multilayered and hidden structures to support safety inspections" [Ref. 6].
In March, 2006, the FAA issued a fact sheet that gave an overview of its Aging Airplane Program. The FAA program was initiated after the 1988 Aloha Airlines accident to address airplanes being operated beyond original design service goals, and the fact that original maintenance plans were not required to address potential age-related issues. The program has been updated and expanded in a series of responses to the Aging Airplane Safety Act of 1991, the 1996 TWA 800 accident and the 1998 Swiss Air accident [Ref. 7].
In addition to the problems caused by aging aircraft structures, other major systems were also exhibiting the effects of extended operation. In October,1998, the FAA began the Aging Transport Non-Structural Systems program, modeled after the aging structures program.
One measure of the extent of the problem is the fact that the FAA has issued more than 700 Airworthiness Directives (ADs) to address specific safety concerns or "unsafe conditions" on specific airplane types since 1990. Areas addressed include airplane structural issues (540), fuel tank safety issues (85) and wiring safety issues (110) [Ref. 7].
Separately, the FAA has promoted safety measures through general rule-making that addresses the aging aircraft structure and wiring concerns:
- Repair Assessment Program Rule (RAP) — April 19, 2000
- Fuel Tank Safety Rule (FTS) — April 19, 2001
- Aging Airplane Safety Rule (AASR) — January 25, 2005
- Enhanced Airworthiness Program for Airplane Systems (EAPAS) — September 22, 2005
- Widespread Fatigue Damage (WFD) — April 18, 2006
The FAA program continues to develop with new requirements and rules. A new rule issued in December, 2007, requires holders of design approvals to give aircraft operators access to damage tolerance data for repairs and alterations to fatigue-critical airplane structure [Ref. 8].
Finally, one online source of information for the different studies on aircraft aging is the annual Aircraft Aging Conference, now in its 12th year. Papers (and presentations) from the 2008 conference can be found at http://www.aaproceedings.utcdayton.com/. The range of papers and the organization involved are quite impressive.
What does all of this mean to a system safety analyst supporting a program with an extended operational life? First, the system safety analyst must keep in close touch with the performance of the hardware in the field. It is also important to be in constant communication with the reliability analysis team. The analyst needs a clear understanding of the hardware's expected life, as well as any analysis and/or testing done to support extensions of the system's operational life.
Before or after an anomaly is identified, it is important that the system safety analyst understands the strengths and limitations of any inspection technique. While the inspection equipment pedigree might be impressive, it is the results that count.
The recent NASA experience with the STS-126 flow control valve poppets and the general experience with aging DoD and commercial aircraft have re-enforced the need for increased vigilance in the operation of aging hardware. There is a need for better information gathered by increased numbers of inspections and the use of improved inspection techniques to identify developing conditions. There is also a need for analyses that address the potential safety issues with aging systems.
Hazard analysis and any related risk assessments should never be allowed to become stagnant. System operations can reveal unanticipated hazard causes and unexpected shortcomings in hazard controls and/or associated verifications of hazard control functions or activities.
The system safety analyst must also be wary of temporary or emergency design "fixes" that tend to become permanent. Managers of programs in the final stages of a system's life-cycle are generally reluctant to make extensive (or expensive) design changes to address root causes. They are more likely to utilize expanded analysis and increased hardware inspections to address aging hardware issues.
References:
1. NASA Summary Sheet. "Gaseous Hydrogen Flow Control Valves," National Aeronautics Space Administration, Washington, DC, February 2009.
2. Shuttle Reference Manual. National Aeronautics Space Administration, Washington, DC, 1988.
3. Bergin, Chris. "Understanding the Threats — FCV Flight Rationale Effort Outlined," NASA Spaceflight.com Web page (http://www.nasaspaceflight.com), Feb. 5, 2009.
4. "Examiner Exclusive 2: NASA Pressure Builds with Critical Valve Problems Dating Back to 1992," http://www.insideksc.com, Feb. 7, 2009.
5. Bergin, Chris. "FRR Clears STS-119 for March 11, Pending SRB Resolution," NASA Spaceflight.com Web page (http://www.nasaspaceflight.com), March 6, 2009.
6. Committee on Aging of U.S. Air Force Aircraft, Commission on Engineering and Technical Systems. "Aging of U.S. Air Force Aircraft: Final Report," National Research Council, National Academy of Sciences, Washington, DC, 1997.
7. FAA Fact Sheet. "FAA's Aging Airplane Program," Federal Aviation administration, Washington, DC, March 29, 2006.
8. Schneider, Greg. "New Part 26 DAH Rule, Damage Tolerance Data for Repairs and Alterations," DAH Familiarization Briefing for Part 26 DAH Rule (AASR), Cologne, Germany, Dec. 14, 2007.
« previous page
|
