Space Shuttle abort modes

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Joema (talk | contribs) at 07:40, 2 March 2006 (Clarify ascent vs descent options). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Jump to navigation Jump to search

A space shuttle abort is an emergency procedure due to equipment failure, most commonly during ascent. A main engine failure is a typical abort scenario. There are fewer abort options during reentry and descent. For example the Columbia disaster happened during reentry, and there were no alternatives in that flight regime.

Later in descent certain failures are survivable, although not usually classified as an abort. For example, a flight control system problem or multiple auxiliary power unit failure could make reaching a landing site impossible, thus requiring astronaut bail out over the ocean.


Ascent abort modes

There are five abort modes available during ascent, plus pad aborts. These are classified as intact aborts and contingency aborts [1]. The choice of abort mode depends on estimates of what the orbiter's situation would be at the time of main engine cutoff (TMECO). The abort modes cover a wide range of potential problems, but the most common expected problem is space shuttle main engine (SSME) failure, creating inability to either cross the Atlantic or achieve orbit, depending on timing and number of failed engines. Other possible non-engine failures possibly necessitating an abort include multiple auxiliary power unit (APU) failure, cabin leak, and external tank leak (ullage leak).

Pad abort

The SSMEs can be shut down on the pad as long as the SRBs have not ignited. This is called a "pad abort", and has happened five times, on STS-41-D, STS-51-F, STS-51, STS-55, and STS-68. It has always happened under computer (not human) control, caused by computers sensing a problem with the SSMEs after starting but before the SRBs ignite. The SRBs cannot be turned off once ignited, and afterwards the shuttle is committed to take off.

Intact abort modes

There are four intact abort modes, only one of which has ever occurred. Intact aborts are designed to provide a safe return of the orbiter to a planned landing site.

  • Return To Launch Site (RTLS) — the Shuttle continues downrange until the solid rocket boosters are jettisoned. It then pitches around, so the SSMEs are firing roughly against the line of travel. This manuever takes place above the atmosphere and is conceptually no different than the OMS engines firing against the line of travel to deorbit. The main engines continue burning until downrange is killed and the vehicle is headed back toward the launch site at sufficient velocity to reach a runway. Then the SSMEs are stopped, the external tank is jettisoned, and the orbiter makes a normal gliding landing on the runway at Kennedy Space Center.
  • Transoceanic Abort Landing (TAL) — involves landing at a predetermined location in Africa or western Europe. Used when velocity, altitude and distance downrange don't allow return to the launch point via RTLS. Also used when a less time critical failure doesn't require the faster but possibly more stressful RTLS abort.
  • Abort Once Around (AOA) — available when the shuttle cannot reach a stable orbit but has sufficient velocity to circle the earth once and land. The time window for using the AOA abort is very short -- just a few seconds sandwiched between the TAL and ATO abort opportunities. Therefore taking this option would be very rare.
  • Abort to Orbit (ATO) — available when the intended orbit cannot be reached but another stable (non-decaying) orbit is possible. This occurred on mission STS-51-F, which then required replanning but was declared a success.

To the extent that the hydrogen and oxygen are not needed, they are used up deliberately to allow the ET to be discarded safely.

A TAL abort would be declared between roughly T+2:30 minutes (liftoff plus 2 minutes, 30 seconds) and Main Engine Cutoff (MECO), about T+8:30 minutes. The Shuttle would then land at a predesignated friendly airstrip in Africa or Europe. Potential sites include Istres Air Base in France; Banjul International Airport in The Gambia; and Zaragoza Air Base and Morón Air Base in Spain. Prior to a Shuttle launch, two of them are selected depending on the flight plan, and staffed with standby personnel in case they are used. The list of TAL sites has changed over time; most recently Ben Guerir Air Base in Morocco was eliminated due to terrorism concerns. Past TAL sites have included Malam Aminu Kano International Airport, Kano, Nigeria; Easter Island (for Vandenberg launches); Rota, Spain; Casablanca, Morocco; and Dakar, Senegal.

Emergency landing sites for the Orbiter include Lajes, Beja, (both Portugal), Keflavík (Iceland), Shannon International Airport (Ireland), RAF Fairford (UK), Köln Bonn Airport (Germany), Ankara (Turkey), Riyadh (Saudi Arabia), Diego Garcia (British Indian Ocean Territory).

Contingency aborts

Contingency aborts are designed to permit flight crew survival following more severe failures when an intact abort is not possible. A contingency abort would generally result in a ditch operation, though contingency aborts occuring early in the ascent may result in a landing on the east coast of the United States. These are called East Coast Abort Landings or ECAL's.

The designated sites for ECAL are Bangor, Maine; Wilmington, North Carolina; MCAS Cherry Point, North Carolina; NAS Oceana; Wallops Flight Facility; Dover Air Force Base; Atlantic City, New Jersey; Gabreski, New York; Otis ANGB; Pease International Airport (all USA); Halifax; Stephenville; St John's; Gander; and Goose Bay (all Canada).

Were the Orbiter unable to reach a runway, it could ditch in water, or could land on terrain other than a landing site. It would be unlikely for the flight crew still on board to survive. However, for ascent abort scenarios where controlled gliding flight is achievable, a bailout is possible. For more details, see below heading "Post-Challenger abort enhancements".

In the two disasters, things went wrong so fast that little could be done. In the case of Challenger, the Space Shuttle Solid Rocket Boosters were still burning as they tore free from the rest of the stack, one likely impacting the external tank. The orbiter disintegrated almost instantly from aerodynamic stresses as the stack broke up. The Columbia disaster occurred high in the atmosphere during reentry. Even if the crew had been able to bail out, they would have been killed by the heat generated by the friction of the air.

Post-Challenger abort enhancements

Before the Challenger disaster, STS-51-L, very limited ascent abort options existed. Only a single SSME failure was survivable prior to about T+350 seconds into the ascent. Two or three failed SSMEs prior to that would mean loss of crew and vehicle (LOCV), since no bailout option existed. Two or three failed SSMEs while the SRBs are firing would have probably overstressed the struts attaching the orbiter to the external tank, causing vehicle breakup. For that reason an RTLS abort wasn't possible for two or three failed SSMEs. Studies showed an ocean ditching was not survivable. Furthermore losing a second or third SSME most anytime during an RTLS abort was a LOCV.

After STS-51-L, numerous abort enhancements were added. A two-out SSME is now survivable for the crew throughout the ascent, and the vehicle could survive and land for large portions of the ascent. A three-out SSME is survivable for the crew for most of the ascent, although three failed SSMEs before T+90 seconds is questionable. However it's conceivable a three-out SSME just after liftoff might be survivable, since the SRBs provide enough thrust and steering authority to continue the ascent until a bailout or RTLS. The struts attaching the orbiter to the external tank were beefed up to better endure a multiple SSME failure.

A significant enhancement was bailout capability. This isn't ejection as with a fighter plane, but an Inflight Crew Escape System. The vehicle is put in a stable glide on autopilot, the hatch is blown, and the crew slides out a pole to clear the orbiter's left wing. They would then parachute to earth or the sea. While this may at first appear only usable under rare conditions, in actuality there are many failure modes where reaching an emergency landing site isn't possible yet the vehicle is still intact and under control. Before the Challenger disaster, this almost happened on STS-51-F when a single SSME failed at about T+345 seconds. The orbiter in that case was Challenger. A second SSME almost failed due to a spurious temperature reading, inhibited only by a quick-thinking flight controller. If the second SSME failed within about 20 seconds of the first, there would have been insufficient energy to cross the Atlantic. Without bailout ability the entire crew would have been lost. After the Challenger loss, those types of failures are survivable. To facilitate high altitude bailouts, the crew now wears Advance Crew Escape System Pressure Suits during ascent and descent. Before the Challenger disaster, crews for operational missions wore only fabric flight suits.

Another post-Challenger enhancement was East Coast Abort Landings (ECAL). High inclination launches (all ISS missions) can now reach an east coast emergency runway under certain conditions.

Numerous other abort refinements were added, mainly involving improved software for managing vehicle energy in various abort scenarios. These enable a greater chance of reaching an emergency runway for various SSME failure scenarios.

Ejection escape systems

An ejection escape system, sometimes called a launch escape system has been discussed many times for the shuttle. After the Challenger and Columbia losses, great interest was expressed in this. All previous US manned space vehicles had launch escape systems, although none were ever used. Modified Lockheed SR-71 ejection seats were installed on the first four shuttle flights (all two man missions), and removed afterward. Ejection seats were not further developed for the shuttle for several reasons:

  • Very difficult to eject seven crew members when three or four are on the middeck (roughly the center of the forward fuselage), surrounded by substantial vehicle structure
  • Limited ejection envelope. Ejection seats only work up to about Mach 3 and 90,000 feet. That constitutes a very limited portion of the shuttle's operating envelope
  • No help during Columbia-type reentry accident. Ejecting during a reentry accident would be fatal due to the high temperatures and wind blast at high Mach speeds

An alternative to ejection seats is a capsule or cabin escape system where the crew ejects in protective capsules, or the entire cabin is ejected. Such systems have been used on several military aircraft. The B-58 Hustler and XB-70 Valkyrie used capsule ejection. Certain versions of the General Dynamics F-111 and Rockwell B-1 bomber used cabin ejection.

Like ejection seats, capsule ejection for the shuttle would be difficult because there's no easy way to exit the vehicle. Several crewmembers sit in the middeck, surrounded by substantial vehicle structure.

Cabin ejection would work for a much larger portion of the flight envelope than ejection seats, as the crew would be protected from temperature, wind blast, and lack of oxygen or vacuum. In theory an ejection cabin could be designed to withstand reentry, although that would entail additional cost, weight and complexity. Cabin ejection wasn't pursued for several reasons:

  • Major modifications required to shuttle, likely taking several years. During much of the period the vehicle would be unavailable.
  • Cabin ejection systems are heavy, thus incurring a significant payload penalty
  • Cabin ejection systems are much more complex than ejection seats. They require devices to cut cables and conduits connecting the cabin and fuselage. The cabin must have aerodynamic stabilization devices to avoid tumbling after ejection. The large cabin weight mandates a very large parachute, with a more complex extraction sequence. Air bags must deploy beneath the cabin to cushion impact or provide flotation. To make on the pad ejections feasible the separation rockets would have to be quite large. In short, many complex things must happen in a specific timed sequence for cabin ejection to work, and in a situation where the vehicle might be disintegrating. If the airframe twisted or warped preventing cabin separation, or debris damaged the landing airbags, stabilization, or any other cabin system, the occupants would likely not survive
  • Added risk due to many large pyrotechnic devices. Even if not needed, the many explosive devices needed to separate the cabin entail some risk of premature or uncommanded detonation
  • Cabin ejection is much more difficult, expensive and risky to retrofit on a vehicle not initially designed for it. If the shuttle was initially designed with a cabin escape system, that might have been more feasible
  • Cabin/capsule ejection systems have a spotty success record, likely because of the complexity. This was one reason the F-111 and B-1 cabin ejection was changed to conventional ejection seats for later aircraft versions.

See also

Retrieved from "https://en.wikipedia.org/w/index.php?title=Space_Shuttle_abort_modes&oldid=41874538"