Technical Challenges in Missile and Space Projects

Missiles were developed from simple rocketry experimentation between World Wars I and II. Experimenters such as Robert Goddard and Frank Ma – lina in the United States, von Braun in Germany, Robert Esnault-Pelterie in France, and Valentin Glushko in the Soviet Union found rocketry experimen­tation a dangerous business. All of them had their share of spectacular mis­haps and explosions before achieving occasional success.5

The most obvious reason for the difficulty of rocketry was the extreme volatility of the fluid or solid propellants. Aside from the dangers of handling exotic and explosive materials such as liquid oxygen and hydrogen, alcohols, and kerosenes, the combustion of these materials had to be powerful and controlled. This meant that engineers had to channel the explosive power so that the heat and force neither burst nor melted the combustion chamber or nozzle. Rocket engineers learned to cool the walls ofthe combustion chamber and nozzle by maintaining a flow of the volatile liquids near the chamber and nozzle walls to carry off excess heat. They also enforced strict cleanliness in manufacturing, because impurities or particles could and did lodge in valves and pumps, with catastrophic results. Enforcement of rigid cleanliness stan­dards and methods was one of many social solutions to the technical problems of rocketry.6

Engineers controlled the explosive force of the combustion through care­fully designed liquid feed systems to smoothly deliver fuel. Instabilities in the fuel flow caused irregularities in the combustion, which often careened out of control, leading to explosions. Hydrodynamic instability could also ensue if the geometry of the combustion chamber or nozzle was inappropriate. Engi­neers learned through experimentation the proper sizes, shapes, and relation­ships of the nozzle throat, nozzle taper, and combustion chamber geometry. Because of the nonlinearity of hydrodynamic interactions, which implied that mathematical analyses were of little help, experimentation rather than theory determined the problems and solutions. For the Saturn rocket engines, von Braun’s engineers went so far as to explode small bombs in the rocket ex­haust to create hydrodynamic instabilities, to make sure that the engine de­sign could recover from them.7 For solid fuels, the shape of the solid deter­mined the shape of the combustion chamber. Years of experimentation at JPL eventually led to a star configuration for solid fuels that provided steady fuel combustion and a clear path for exiting hot gases. Once engineers determined the proper engine geometry, rigid control of manufacturing became utterly critical. The smallest imperfection could and did lead to catastrophic failure. Again, social control in the form of inspections and testing was essential to ensuring manufacturing quality.

Rocket engines create severe structural vibrations. Aircraft designers rec­ognized that propellers caused severe vibrations, but only at specific frequen­cies related to the propeller rotation rate. Jet engines posed similar prob­lems, but at higher frequencies corresponding to the more rapid rotation of turbojet rotors. Rocket engines were much more problematic because their vibrations were large and occurred at a wide range of nearly random frequen­cies. The loss of fuel also changed a rocket’s resonant frequencies, at which the structure bent most readily. This caused breakage of structural joints and the mechanical connections of electrical equipment, making it difficult to fly sensitive electrical equipment such as vacuum tubes, radio receivers, and guidance systems. Vibrations also occurred because of fuel sloshing in the emptying tanks and fuel lines. These ‘‘pogo’’ problems could be tested only in flight.

Vibration problems could not generally be solved through isolated tech­nical fixes. Because vibration affected electrical equipment and mechanical connections throughout the entire vehicle, this problem often became one of the first so-called system issues — it transcended the realm of the structural engineer, the propulsion expert, or the electrical engineer alone. In the 1950s, vibration problems led to the development of the new discipline of reliability and to the enhancement of the older discipline of quality assurance, both of which crossed the traditional boundaries between engineering disciplines.8

Reliability and quality control required the creation or enhancement of so­cial and technical methods. First, engineers placed stronger emphasis on the selection and testing of electronic components. Parts to be used in missiles had to pass more stringent tests than those used elsewhere, including vibra­tion tests using the new vibration, or ‘‘shake,’’ tables. Second, technicians as­sembled and fastened electronic and mechanical components to electronic boards and other components using rigorous soldering and fastening meth­ods. This required specialized training and certification of manufacturing workers. Third, to ensure that manufacturing personnel followed these pro­cedures, quality assurance personnel witnessed and documented all manufac­turing actions. Military authorities gave quality assurance personnel indepen­dent reporting and communication channels to avoid possible pressures from contractors or government officials. Fourth, all components used in missiles and spacecraft had to be qualified for the space environment through a series of vibration, vacuum, and thermal tests. The quality of the materials used in flight components, and the processes used to create them, had to be tightly controlled as well. This entailed extensive documentation and verification of materials as well as of processes used by the component manufacturers. Orga­nizations traced every part from manufacturing through flight.9

Only when engineers solved the vibration and environmental problems could they be certain the rocket’s electronic equipment would send the signals necessary to determine how it was performing. Unlike aircraft, rockets were automated. Although automatic machinery had grown in importance since the eighteenth century, rockets took automation to another level. Pilots could fly aircraft because the dynamics of an aircraft moving through the air were slow enough that pilots could react sufficiently fast to correct deviations from the desired path and orientation of the aircraft. The same does not hold true for rockets. Combustion instabilities inside rocket engines occur in tens of milliseconds, and explosions within 100 to 500 milliseconds thereafter, leaving no time for pilot reaction. In addition, early rockets had far too little thrust to carry something as heavy as a human.

Because rockets and satellites were fully automated, and also because they went on a one-way trip, determining if a rocket worked correctly was (and is) problematic. Engineers developed sophisticated signaling equipment to send performance data to the ground. Assuming that this telemetry equip­ment survived the launch and vibration of the rocket, it sent sensor data to a ground receiving station that recorded it for later analysis. Collecting and processing these data was one of the first applications of analog and digital computing. Engineers used the data to determine if subsystems worked cor­rectly, or more importantly, to determine what went wrong if they did not. The military’s system for problem reporting depended upon pilots, but con­tractors and engineers would handle problem reporting for the new technolo­gies — a significant social change. Whereas in the former system, the military tested and flew aircraft prototypes, for the new technologies contractors flew prototypes coming off an assembly line of missiles and the military merely witnessed the tests.10

Extensive use of radio signals caused more problems. Engineers used radio signals to send telemetry to ground stations and to send guidance and de- struct signals from ground stations to rockets. They carefully designed the electronics and wiring so that electromagnetic waves from one wire did not interfere with other wires or radio signals. As engineers integrated numerous electronic packages, the interference of these signals occasionally caused fail­ures. The analysis of ‘‘electromagnetic interference’’ became another systems specialty.11

Automation also included the advanced planning and programming of rocket operations known as sequencing. Rocket and satellite engineers de­veloped automatic electrical or mechanical means to open and close propul­sion valves as well as fire pyrotechnics to separate stages, release the vehicle from the ground equipment, and otherwise change rocket functions. These ‘‘sequencers’’ were usually specially designed mechanical or electromechani­cal devices, but they soon became candidates for the application of digital computers. A surprising number of rocket and satellite failures resulted from improper sequencing or sequencer failures. For example, rocket stage sepa­ration required precise synchronization of the electrical signals that fired the pyrotechnic charges with the signals that governed the fuel valves and pumps controlling propellant flow. Because engineers sometimes used engine turbo­pumps to generate electrical power, failure to synchronize the signals for sepa­ration and engine firing could lead to a loss of sequencer electrical power. This in turn could lead to a collision between the lower and upper stages, to an engine explosion or failure to ignite, or to no separation. The solution to se­quencing problems involved close communication among a variety of design and operations groups to ensure that the intricate sequence of mechanical and electrical operations took place in the proper order.12

Because satellites traveled into space by riding on rockets, they shared some of the same problems as rockets, as well as having a few unique features. Satellites had to survive launch vehicle vibrations, so satellite designers ap­plied strict selection and inspection ofcomponents, rigorous soldering meth­ods, and extensive testing. Because of the great distances involved-particu – larly for planetary probes-satellites required very high performance radio equipment for telemetry and for commands sent from the ground.13

Thermal control posed unique problems for spacecraft, in part because of the temperature extremes in space, and in part because heat is difficult to dissipate in a vacuum. On Earth, designers explicitly or implicitly use air currents to cool hot components. Without air, spacecraft thermal design re­quired conduction of heat through metals to large surfaces where the heat could radiate into space. Engineers soon designed large vacuum chambers to test thermal designs, which became another systems specialty.

Unlike the space thermal environment, which could be reproduced in a vacuum chamber, weightlessness could not be simulated by Earth-based equipment. The primary effect of zero gravity was to force strict standards of cleanliness in spacecraft manufacturing. On Earth, dust, fluids, and other contaminants eventually settle to the bottom of the spacecraft or into corners where air currents slow. In space, fluids and particles float freely and can dam­age electrical components. Early spacecraft did not usually have this problem because many of them were spin stabilized, meaning that engineers designed them to spin like a gyroscope to hold a fixed orientation. The spin caused particles to adhere to the outside wall of the interior of the spacecraft, just as they would on the ground where the spacecraft would have been spin tested.

Later spacecraft like JPL’s Ranger series used three-axis stabilization whereby the spacecraft did not spin. These spacecraft, which used small rocket engines known as thrusters to hold a fixed orientation, were the first to en­counter problems with floating debris. For example, the most likely cause of the Ranger 3 failure was a floating metal particle that shorted out two adjacent wires. To protect against such events, engineers developed conformal coating to insulate exposed pins and connectors. Designers also separated electrically hot pins and wires so that floating particles could not connect them. Engi­neers also reduced the number of particles by developing clean rooms where technicians assembled and tested spacecraft.

Many problems occurred when engineers or technicians integrated com­ponents or subsystems, so engineers came to pay particular attention to these interconnections, which they called interfaces. Interfaces are the boundaries between components, whether mechanical, electrical, human, or “logical,” as in the case of connections between software components. Problems between components at interfaces are often trivial, such as mismatched connectors or differing electrical impedance, resistance, or voltages. Mismatches between humans and machines are sometimes obvious, such as a door too high for a human to reach, or an emergency latch that takes too long to operate. Others are subtle, such as a display that has too many data or a console with distract­ing lights. Finally, operational sequences are interfaces of a sort. Machines can be (and often are) so complicated to operate that they are effectively unusable. Spacecraft, whether manned or unmanned, are complex machines that can be operated only by people with extensive training or by the engineers who built them. Greater complexity increases the potential for operator error. It is probably more accurate to classify operator errors as errors in design of the human-machine interface.14

Many technical failures can be attributed to interface problems. Simple problems are as likely to occur as complex ones. The first time the Ger­mans and Italians connected their portions of the Europa rocket, the diame­ters of the connecting rings did not match. Between the British first stage and the French second stage, electrical sequencing at separation caused com­plex interactions between the electrical systems on each stage, leading ulti­mately to failure. Other interface problems were subtle. Such was the failure of Ranger 6 as it neared the Moon, ultimately traced to flash combustion of propellant outside of the first stage of the launch vehicle, which shorted out some poorly encased electrical pins on a connector between the launch ve­hicle and the ground equipment. Because the electrical circuits connected the spacecraft to the offending stage, this interface design flaw led to a spacecraft failure three days later.15

Some farsighted managers and engineers recognized that interfaces repre­sented the connection not simply between hardware but also between indi­viduals and organizations. Differences in organizational cultures, national characteristics, and social groups became critical when these groups had to work together to produce an integrated product. As the number of organiza­tions grew, so too did the problems of communication. Project managers and engineers struggled to develop better communication methods.

As might be expected, international projects had the most difficult prob­lems with interfaces. The most severe example was ELDO’s Europa I and Europa II projects. With different countries developing each of three stages, a test vehicle, and the ground and telemetry equipment, ELDO had to deal with seven national governments, military and civilian organizations, and national jealousies on all sides. Within one year after its official inception, both ELDO and the national governments realized that something had to be done about the ‘‘interface problem.’’ An Industrial Integrating Group formed for the pur­pose could not overcome the inherent communication problems, and every one of ELDO’s flights that involved multiple stages failed. All but one failed because of interface difficulties.16

By the early 1960s, systems engineers developed interface control docu­ments to record and define interfaces between components. On the manned space projects, special committees with members from each contributing or­ganization worked out interfaces between the spacecraft, the rocket stages, the launch complex, and mission operations. After the fledgling European Space Research Organisation began to work with American engineers and managers from Goddard Space Flight Center, the first letter from the American project manager to his European counterpart was a request to immediately begin work on the interface between the European spacecraft and the American launch vehicle.17

Systems management became the standard for missile and space systems because it addressed many of the major technical issues of rockets and space­craft. The complexity of these systems meant that coordination and commu­nication required greater emphasis in missile and space systems than they did in many other contemporary technologies. Proper communication helped to create better designs. However, these still had to be translated into techni­cal artifacts, inspected and documented through rigid quality inspections and testing during manufacturing. Finally, the integrated system had to be tested on the ground and, if possible, in flight as well. The high cost and “nonreturn” of each missile and spacecraft meant that virtually every possible means of ground verification paid off, helping to avoid costly and difficult-to-analyze flight failures. All in all, the extremes of the space environment, automation, and the volatility of rocket fuels led to new social methods that emphasized considerable up-front planning, documentation, inspections, and testing. To be implemented properly, these social solutions had to satisfy the needs of the social groups that would have to implement them.