Author Topic: NASA class MMOD as primary threat to commercial crew vehicles  (Read 15262 times)

Offline whitelancer64

Here's a couple of resources for anyone interested in some further reading on MMOD:

Micrometeoroid and Orbital Debris (MMOD) Risk Overview (July 2014, 32 pages)
https://www.nasa.gov/sites/default/files/files/E_Christiansen-MMODriskOverview.pdf

Handbook for Designing MMOD Protection (June 2009, 152 pages)
https://ston.jsc.nasa.gov/collections/trs/_techrep/TM-2009-214785.pdf
"One bit of advice: it is important to view knowledge as sort of a semantic tree -- make sure you understand the fundamental principles, ie the trunk and big branches, before you get into the leaves/details or there is nothing for them to hang on to." - Elon Musk
"There are lies, damned lies, and launch schedules." - Larry J

Online Steven Pietrobon

  • Member
  • Senior Member
  • *****
  • Posts: 10447
  • Adelaide, Australia
    • Steven Pietrobon's Space Archive
  • Liked: 2189
  • Likes Given: 298
For those who don't know, the way engineers assess risk is with Risk Priority Number spreadsheets. Basically the risk is broken down into 3 parts: the possible Severity of the risk, the Frequency or Occurrence of the risk, and the ability to Detect or Prevent the risk. Each part is given a number between 1 and 10, one being the least and 10 the most. These numbers are then multiplied together, with the final number assessing the risk on a scale of 1-1000. Then risks with the highest numbers are given the highest priority for correction or reduction.

Wow, that method is just wrong. The range should be from 0 to 10, with any real value in between (a mathematician would have any value between 0 and 1). A way better estimate of the risk is

integral from 0 to m_max integral from 0 to v_max S(m*v²/2)*A*T*P(m,v)*D(m) dm dv

where

A = cross sectional area of spacecraft
T = time in orbit
m = mass of debris
m_max = maximum debris mass
v = velocity of debris
v_max = maximum debris velocity
S(E) = severity as a function of impact energy
P(m,v) = mass and velocity debris probability distribution per unit area and unit time
D(m) = Detect or Prevent as a function of debris mass

A good engineer should be able to come up with estimates of these functions.

Quote
We know that MMOD strikes occur on every spaceflight, so that's also a 10.

That would result in an over estimation of the risk. Most impacts are very small which have almost zero risk.
« Last Edit: 08/24/2016 07:25 AM by Steven Pietrobon »
Akin's Laws of Spacecraft Design #1:  Engineering is done with numbers.  Analysis without numbers is only an opinion.

Offline Hobbes-22

  • Full Member
  • ***
  • Posts: 332
  • Acme Engineering
    • Acme Engineering shop
  • Liked: 95
  • Likes Given: 69

That's not a very good comparison. The risk of having a lethal car accident is .01%/yr in the US.
 
Not many civilian activities carry a 1% risk of dying.

Accidents of all types are 5% of US deaths.

But that's an entirely different metric. A person has nowhere near a 5%/yr chance of dying due to an accident.

Offline baldusi

  • Senior Member
  • *****
  • Posts: 7416
  • Buenos Aires, Argentina
  • Liked: 1411
  • Likes Given: 4389
Again, just because there haven't been catastrophic failures doesn't mean there is no risk.
Literally nobody is saying that.   Why do you keep repeating it like someone is?
Quote
The overall risk level is still high because a MMOD strike to a critical system could easily cause loss of crew or vehicle.
Actually, based on the number of LOV (zero) from MMOD damage on a rather large number of flights, this is provably wrong.  Depending on your definition of "high", I guess.  Certainly the risk level is high compared to flying in an airplane.  Compared to the Shuttle risks not associated with MMOD I'd say they are rather low.
Regrettably, that's not how statistics work. The fact that Shuttle had the failures that it had, and not MMOD, might have been by pure chance. There's not enough statistical samples in all Shuttle history to say otherwise.
Challenger was a particularly bad example, because at those temperatures it was to fail. It was almost a certainty. Edward Tufte book is more than clear on that. You use statistics for things that are chance, but if you get out of the specified range, you might get into straight certainties.

Offline baldusi

  • Senior Member
  • *****
  • Posts: 7416
  • Buenos Aires, Argentina
  • Liked: 1411
  • Likes Given: 4389
I believe it's quite important that we frame the ASAP's problem clearly:
They want a probability of LOC to be less than 1/270 chance, for a crewed vehicle that launches, stays docked at the ISS for 210days and returns safely.
Launch and return might well be characterized by all launch history. But the 210 days stay is what has (relatively speaking) little history. 210days per 270 means that a ship should be in space 155 years before having a MMOD of a severity that would cause a LOC. And that's actually not true because that assumes that launch and re-entry risks are zero. So the actual target might be 500years or more.
Current flight history of every single crewed and robotic ship has zero statistical significance here. This require extensive engineering to came up with good estimations. It will probably also constrain orbital attitudes and such.
Let's not forget that Soyuz are docked in aft of ISS, where they are more protected than the USOS fore side. In fact, all Commercial Crew vehicles are docked with their heat shields pointed fore.

Offline DMeader

  • Full Member
  • ****
  • Posts: 952
  • Liked: 98
  • Likes Given: 47
In fact, all Commercial Crew vehicles are docked with their heat shields pointed fore.

Not when PMA-3 gets moved to Node 2 zenith.
« Last Edit: 08/24/2016 01:07 PM by DMeader »

Offline whitelancer64

For those who don't know, the way engineers assess risk is with Risk Priority Number spreadsheets. Basically the risk is broken down into 3 parts: the possible Severity of the risk, the Frequency or Occurrence of the risk, and the ability to Detect or Prevent the risk. Each part is given a number between 1 and 10, one being the least and 10 the most. These numbers are then multiplied together, with the final number assessing the risk on a scale of 1-1000. Then risks with the highest numbers are given the highest priority for correction or reduction.

Wow, that method is just wrong. The range should be from 0 to 10, with any real value in between (a mathematician would have any value between 0 and 1). A way better estimate of the risk is

integral from 0 to m_max integral from 0 to v_max S(m*v²/2)*A*T*P(m,v)*D(m) dm dv

where

A = cross sectional area of spacecraft
T = time in orbit
m = mass of debris
m_max = maximum debris mass
v = velocity of debris
v_max = maximum debris velocity
S(E) = severity as a function of impact energy
P(m,v) = mass and velocity debris probability distribution per unit area and unit time
D(m) = Detect or Prevent as a function of debris mass

A good engineer should be able to come up with estimates of these functions.

Quote
We know that MMOD strikes occur on every spaceflight, so that's also a 10.

That would result in an over estimation of the risk. Most impacts are very small which have almost zero risk.

You've never heard of Failure Mode and Effect Analysis (FMEA)?
"One bit of advice: it is important to view knowledge as sort of a semantic tree -- make sure you understand the fundamental principles, ie the trunk and big branches, before you get into the leaves/details or there is nothing for them to hang on to." - Elon Musk
"There are lies, damned lies, and launch schedules." - Larry J

Offline woods170

  • IRAS fan
  • Senior Member
  • *****
  • Posts: 6790
  • IRAS fan
  • The Netherlands
  • Liked: 2271
  • Likes Given: 682
Let's not forget that Soyuz are docked in aft of ISS, where they are more protected than the USOS fore side. In fact, all Commercial Crew vehicles are docked with their heat shields pointed fore.
Yes, and both Boeing and SpaceX will have shielding in place to lower the risk of MMOD damage to the primary heatshield. For Dragon 2 this is a wipple shield (doubling as an aerodynamic brake for the trunk in case of a pad abort/in-flight abort) at the capsule-to-trunk interface. And CST-100 has got a whole service module protecting the primary heatshield.
« Last Edit: 08/24/2016 03:22 PM by woods170 »

Offline whitelancer64

Again, just because there haven't been catastrophic failures doesn't mean there is no risk.
Literally nobody is saying that.   Why do you keep repeating it like someone is?
Quote
The overall risk level is still high because a MMOD strike to a critical system could easily cause loss of crew or vehicle.
Actually, based on the number of LOV (zero) from MMOD damage on a rather large number of flights, this is provably wrong.  Depending on your definition of "high", I guess.  Certainly the risk level is high compared to flying in an airplane.  Compared to the Shuttle risks not associated with MMOD I'd say they are rather low.
Regrettably, that's not how statistics work. The fact that Shuttle had the failures that it had, and not MMOD, might have been by pure chance. There's not enough statistical samples in all Shuttle history to say otherwise.
Challenger was a particularly bad example, because at those temperatures it was to fail. It was almost a certainty. Edward Tufte book is more than clear on that. You use statistics for things that are chance, but if you get out of the specified range, you might get into straight certainties.

The statistical chance of a failure mode occurring can be very low, however, the amount of risk of that failure mode will remain the same, i.e., if a MMOD strike makes a direct hit on a critical system, then you're always going to have a bad day, even if that MMOD strike on a critical system only occurs once in a thousand spaceflights. That risk level can only be reduced by engineering solutions to reduce it.

An example of this is where the Shuttle's radiator got additional MMOD shielding and that directly prevented a MMOD strike from damaging a coolant loop that would have caused a mission abort:

research.jsc.nasa.gov/BiennialResearchReport/2011/265-2011-Biennial.pdf
"One bit of advice: it is important to view knowledge as sort of a semantic tree -- make sure you understand the fundamental principles, ie the trunk and big branches, before you get into the leaves/details or there is nothing for them to hang on to." - Elon Musk
"There are lies, damned lies, and launch schedules." - Larry J

Offline SWGlassPit

  • I break space hardware
  • Full Member
  • ****
  • Posts: 409
  • Liked: 240
  • Likes Given: 33
The word "risk" gets you into trouble here.  Risk has two dimensions to it -- likelihood and consequence.  Both aspects need to be managed.

Offline Brovane

  • Full Member
  • ****
  • Posts: 963
  • United States
  • Liked: 441
  • Likes Given: 896
So how far off are Dragon and CST-100 from the requested 1 in 270 number? 
"Look at that! If anybody ever said, "you'll be sitting in a spacecraft naked with a 134-pound backpack on your knees charging it", I'd have said "Aw, get serious". - John Young - Apollo-16

Online Steven Pietrobon

  • Member
  • Senior Member
  • *****
  • Posts: 10447
  • Adelaide, Australia
    • Steven Pietrobon's Space Archive
  • Liked: 2189
  • Likes Given: 298
You've never heard of Failure Mode and Effect Analysis (FMEA)?

Yes, I've heard of FMEA. If that's how its done with ranges of 1 to 10, then the method is mathematically flawed.
Akin's Laws of Spacecraft Design #1:  Engineering is done with numbers.  Analysis without numbers is only an opinion.

Offline SWGlassPit

  • I break space hardware
  • Full Member
  • ****
  • Posts: 409
  • Liked: 240
  • Likes Given: 33
So how far off are Dragon and CST-100 from the requested 1 in 270 number?

I don't think you're going to find that information publicly available.

Offline baldusi

  • Senior Member
  • *****
  • Posts: 7416
  • Buenos Aires, Argentina
  • Liked: 1411
  • Likes Given: 4389
Again, just because there haven't been catastrophic failures doesn't mean there is no risk.
Literally nobody is saying that.   Why do you keep repeating it like someone is?
Quote
The overall risk level is still high because a MMOD strike to a critical system could easily cause loss of crew or vehicle.
Actually, based on the number of LOV (zero) from MMOD damage on a rather large number of flights, this is provably wrong.  Depending on your definition of "high", I guess.  Certainly the risk level is high compared to flying in an airplane.  Compared to the Shuttle risks not associated with MMOD I'd say they are rather low.
Regrettably, that's not how statistics work. The fact that Shuttle had the failures that it had, and not MMOD, might have been by pure chance. There's not enough statistical samples in all Shuttle history to say otherwise.
Challenger was a particularly bad example, because at those temperatures it was to fail. It was almost a certainty. Edward Tufte book is more than clear on that. You use statistics for things that are chance, but if you get out of the specified range, you might get into straight certainties.

The statistical chance of a failure mode occurring can be very low, however, the amount of risk of that failure mode will remain the same, i.e., if a MMOD strike makes a direct hit on a critical system, then you're always going to have a bad day, even if that MMOD strike on a critical system only occurs once in a thousand spaceflights. That risk level can only be reduced by engineering solutions to reduce it.

An example of this is where the Shuttle's radiator got additional MMOD shielding and that directly prevented a MMOD strike from damaging a coolant loop that would have caused a mission abort:

research.jsc.nasa.gov/BiennialResearchReport/2011/265-2011-Biennial.pdf
I'm pretty well aware of minimazing the chance of maximum damage. May be you wanted to answer some other point of mine? I really don't quite follow your post to mine.
But as I said above, for minimizing P(LOC), you want to focus on P(LOC|Event). And while MMOD are high, LOC causing MMOD are less. Thus, the correct assesment is not P(MMOD)*LOCseverity, but P(MMOD)*P(LOC|MMOD) and severity of LOC is the same for every problem.
In other words, if a LOC would kill the crew and another vaporize it, but the chance of the former is higher than the latter, you should minimize the first before the second, assuming equal mitigation effort/risk.

Offline woods170

  • IRAS fan
  • Senior Member
  • *****
  • Posts: 6790
  • IRAS fan
  • The Netherlands
  • Liked: 2271
  • Likes Given: 682
You can't assure safety even while walking across the street.  1/270 is the standard, if I understood the article, because that's what Orion is supposed to have.  That the CC contractors apparently haven't met that 1/270 PBRA is causing concern. 

Returning to your original post Jeff. The key to this whole 1/270 thing is this, as mentioned in Chris' article:

Quote
The key will be to refine the MMOD threat data, which is based on historical flight information and may be – due to NASA requirements – overly conservative.

“The MMOD damage analysis depends on the modeling of the environment, which is in many aspects speculative and quite robust,” added the minutes (from ASAP).

“There are discussions regarding gathering additional historical information to determine if the environmental model is perhaps too robust. All answers are yet to be determined.”

It appears that some of the "pain" of this 1/270 number comes from NASA using overly conservative MMOD environmental models.
« Last Edit: 08/25/2016 06:17 PM by woods170 »

Online Robotbeat

  • Senior Member
  • *****
  • Posts: 25884
  • Minnesota
  • Liked: 5930
  • Likes Given: 4406
If NASA gets uppity about it, say the astronauts have to remain suited the whole time. That'll get approval done for the early missions, then the astronaut corp would get mad and say they don't have to wear the suits.


Maybe add a sublimator cooler, too. If that's a major problem.
Chris  Whoever loves correction loves knowledge, but he who hates reproof is stupid.

To the maximum extent practicable, the Federal Government shall plan missions to accommodate the space transportation services capabilities of United States commercial providers. US law http://goo.gl/YZYNt0

Offline whitelancer64

You've never heard of Failure Mode and Effect Analysis (FMEA)?

Yes, I've heard of FMEA. If that's how its done with ranges of 1 to 10, then the method is mathematically flawed.

The Risk Priority Number (RPN) uses values assigned from 1-10. I've already explained this. It's one part of the FMEA process, which you clearly aren't familiar with.

http://www.reliasoft.com/newsletter/2q2003/rpns.htm
"One bit of advice: it is important to view knowledge as sort of a semantic tree -- make sure you understand the fundamental principles, ie the trunk and big branches, before you get into the leaves/details or there is nothing for them to hang on to." - Elon Musk
"There are lies, damned lies, and launch schedules." - Larry J

Offline srtreadgold

  • Engineer
  • Member
  • Posts: 37
  • Houston
  • Liked: 28
  • Likes Given: 87
If NASA gets uppity about it, say the astronauts have to remain suited the whole time. That'll get approval done for the early missions, then the astronaut corp would get mad and say they don't have to wear the suits.

That only protects against LOC from pressure vessel penetration, other factors could also result in LOC that the suits wouldn't help.

Online Robotbeat

  • Senior Member
  • *****
  • Posts: 25884
  • Minnesota
  • Liked: 5930
  • Likes Given: 4406
If NASA gets uppity about it, say the astronauts have to remain suited the whole time. That'll get approval done for the early missions, then the astronaut corp would get mad and say they don't have to wear the suits.

That only protects against LOC from pressure vessel penetration, other factors could also result in LOC that the suits wouldn't help.
Another major one is loss of coolant. Why did you edit out the sublimator part?

pressure vessel penetration is probably the biggest one, since if that happens, there's not a lot you can do if you're not suited up. With the other things, there are options, provided you're in a somewhat stable orbit (which you will be 99.9% of the time)
Chris  Whoever loves correction loves knowledge, but he who hates reproof is stupid.

To the maximum extent practicable, the Federal Government shall plan missions to accommodate the space transportation services capabilities of United States commercial providers. US law http://goo.gl/YZYNt0

Offline srtreadgold

  • Engineer
  • Member
  • Posts: 37
  • Houston
  • Liked: 28
  • Likes Given: 87
If NASA gets uppity about it, say the astronauts have to remain suited the whole time. That'll get approval done for the early missions, then the astronaut corp would get mad and say they don't have to wear the suits.

That only protects against LOC from pressure vessel penetration, other factors could also result in LOC that the suits wouldn't help.
Another major one is loss of coolant. Why did you edit out the sublimator part?

pressure vessel penetration is probably the biggest one, since if that happens, there's not a lot you can do if you're not suited up. With the other things, there are options, provided you're in a somewhat stable orbit (which you will be 99.9% of the time)

Pressure vessel penetration is probably not the biggest one. Pressure vessels tend to be well-protected. Other systems not so much. Spacecraft repair in-orbit is difficult.

Tags: