Engineering Ethics


On January 28, 1986, the space shuttle The Challenger exploded a little over a minute into the flight, killing all seven astronauts on board.  The explosion was due to a failure of the solid rocket booster O-rings.  Hot combustion gases burned past the O-rings, burning through the external fuel tank and causing the shuttle to explode.  There are several reasons this failure in O-rings occurred.  There was much political and economic pressure to launch the shuttle, causing NASA management to potentially overlook important information presented by the engineering team about the O-rings.  There were also issues with the faulty design of the solid rocket boosters designed by Morton Thiokol.  Thiokol used a design extremely similar to the Titan boosters which were successful in previous shuttles.  The only major differences of the Challenger design was a single O-ring instead of the two in the Titan, and a larger scale.  The purpose of the O-rings are to prevent the hot gases from escaping from the motor into the fuel tank.  A second O-ring was added only for security, not because it was part of the booster design.  The Challenger launch was delayed multiple times for both inclement weather and mechanical failures.  When it was determined that the mechanical failures had been fixed and the shuttle was ready for launch, cold weather caused NASA to question all of the contractors on if the launch could occur in the cold weather.  The engineers determined that the O-rings did not have sufficient testing in cold weather to know that they could withstand a launch in the cold temperatures.  NASA management decided to proceed with the launch without the engineers signing off of the launch papers.  The night of the launch, temperatures dropped as low as 8 degrees F, causing ice to form on the launch pad.  Although there was question on whether it was safe to launch with ice formations on the launch pad, NASA went ahead with the launch anyway.  During the launch, ice broke away from the launch pad, striking the left-hand booster.  The primary O-ring in the left-hand booster was too cold, and fuel at over 5000 degrees F burned through both O-rings.  100 seconds into the flight, the Challenger exploded, killing all 7 astronauts aboard.

The most important reason for the O-ring failure was the lack of communication within NASA management.  The people that approved the launch knowing there was ice on the launch pad was unaware of the discussion the night before about the lack of O-ring testing in cold temperatures.  The NASA management also went ahead with the launch knowing that the engineers did not feel that there was adequate testing of the boosters at low temperatures to approve the launch.  The next big issue was the pressure on NASA to launch.  There had been many delays on the launch already, and NASA was under a lot of pressure nationally, internationally, politically, and economically to go ahead with the launch.  Finally, the least important consideration that caused the Challenger explosion, although still a main contributor, was the faulty design of the booster.  Thiokol’s design only included a single O-ring.  Although this was a fault in the design, a secondary O-ring was added for security.  After discussing this with fellow engineering students, they agree that the major issue was the pressure to proceed with the launch from the NASA management.  The fact that there was a lack of confidence in the testing of the booster’s at low temperature, and yet NASA proceeded with the launch anyway when the temperature was low, demonstrated that the lack of communication within NASA was a huge contributor to the failure of the boosters.  If there was less pressure, NASA may have taken the time to run additional tests at lower temperatures or delay the flight until the weather was at a temperature where the boosters had been tested.  Alternative courses of action would have been delaying the launch again until the temperature raised to a temperature where the boosters had been tested. Also, the boosters could have been tested at low temperatures.  Alternatively, NASA could have picked a design for the boosters that included a second O-ring, instead of just adding a second O-ring without really incorporating it into the design of the booster.  

I believe the best course of action would have been delaying the launch until the temperature was at a temperature where the boosters had been tested and approved.  This way, there would have been no doubt that the O-rings would fail at the temperature during the launch, because it would have already been tested.  By launching the shuttle at a temperature where the boosters hadn’t been checked, there was great risk that something would go wrong, since there wasn’t sufficient testing.