Government Technology

Cold Comfort



August 7, 2007 By News Staff

By Sally K. Ride, Ph.D., former NASA astronaut and the first American woman in space.

Today's government agencies face an expanding array of threats that make effective risk management fundamental to their success.

From directing homeland security and managing national transportation systems to running weapons labs and research centers, government agencies oversee some of the nation's most critical activities. Maintaining these operations in the face of natural and man-made hazards is vital to the country's well-being.

Government agencies also house some of its citizenry's most sensitive information - Social Security numbers, health records, financial information and other personal data must be protected. That job grows harder each day as computer hackers become more sophisticated and mobile workers carry vast amounts of information in easily misplaced laptops and handheld computers.

In this environment, all public agencies must strengthen their ability to spot, evaluate and eliminate potential safety and security risks.

Focus on safety and risk management starts at the top and must permeate every layer of an organization. Government leaders must understand the importance of managing risk - and they must communicate that importance to all employees and empower them to make the right decisions despite budget pressure, deadlines and other factors.

My experience with risk management stems from my involvement in the U.S. space program. As a mission specialist aboard space shuttle flights in 1983 and 1984, I was extremely confident in NASA's safety procedures.

I also had the unfortunate duty of serving on accident investigation boards for the 1986 Challenger explosion and the 2003 Columbia disaster. Despite NASA's reputation for technical and operational excellence, our investigations revealed an agency with serious risk-management problems.

Our findings are instructive for public-sector leaders and managers because they highlight a particularly insidious risk-management shortcoming: the tendency to develop a false sense of security when everything is working fine. It's human nature to interpret the lack of problems as a lack of risk. When this happens, people and organizations can become complacent.

This phenomenon was a key factor in the space shuttle disasters. Although the Challenger and Columbia were destroyed by completely different technical malfunctions, the underlying cause of both accidents was rooted in risk-management failures. NASA managers, blessed by the good fortune of many successful shuttle launches, began to downplay the importance of significant technical challenges with tragic results.

If this type of risk-management failure can occur at NASA - an organization engaged in one of the riskiest endeavors known to mankind - it can happen anywhere. The space agency's experience shows that effective risk management demands leadership, communication and constant vigilance - particularly when everything seems to be OK.

 

What Went Wrong?
Through years of space exploration, NASA finely honed procedures for spotting and mitigating potential dangers. But cultural changes triggered by cost and schedule pressures of the space shuttle program in the '80s prompted NASA to lose focus and discount the seriousness of known design flaws. The longer operations continued without mishap, the more "acceptable" these flaws became.

Then on an unusually chilly morning in January 1986, Challenger thundered away from its Florida launch pad, commencing NASA's 25th shuttle mission. Seventy-three seconds later, the orbiter was destroyed in a massive fireball. Our accident investigation  determined that failure of a rubber O-ring in one of the shuttle's massive solid rocket boosters triggered events that literally tore the craft apart.

At the time of Challenger's launch, NASA managers and engineers were well aware of problems with the O-rings, which sealed seams between sections of the rocket boosters. They'd seen evidence in earlier flights where hot exhaust gases from the rocket motors had nearly burned through the O-ring seals - particularly during cold-weather launches - endangering the shuttle and crew.

When the seal "erosion" was first discovered, NASA considered the problem quite serious, but the shuttle continued to fly as engineers worked on a solution. As flights continued without serious incident, the O-ring problem became less urgent. Deterioration of the critical booster seals came to be viewed as a nearly normal occurrence.

NASA fell into a trap. The O-rings functioned well enough to avoid disaster for 24 shuttle missions, and the agency became complacent. But the danger remained.

With the Challenger launch, NASA's luck ran out. An O-ring in the shuttle's right rocket booster - hardened by subfreezing temperatures during the morning of the launch - gave way, sending flames into the external fuel tank. Seconds later, the craft burst apart, scattering debris into the Atlantic Ocean.

Our investigation concluded that NASA's organizational culture and decision-making processes were key contributors to the accident, and it included nine recommendations to be implemented before shuttle flights resumed. The shuttle program was halted for 32 months while NASA implemented the changes.

Yet history repeated itself 17 years later.

After a string of successful shuttle missions, Columbia lifted into the sky from Cape Canaveral on Jan. 16, 2003. Eighty-two seconds into the flight, a chunk of insulating foam broke free from the external fuel tank and slammed into the leading edge of the orbiter's left wing.

Similarities to the Challenger accident were alarming. As with the O-ring problem, NASA had long known of the falling foam. Almost from the beginning of the shuttle program, pieces of insulation had been separating from the fuel tank and striking the shuttles, causing varying degrees of damage. At first considered serious, the problem didn't cause catastrophic results for more than 100 shuttle flights, leading NASA to minimize the importance of the potentially fatal flaw.

Yet the flaw remained. The chunk of foam that struck Columbia's wing damaged critical thermal panels designed to protect the shuttle during its return to Earth. The damaged panels triggered an in-flight breakup when Columbia re-entered the atmosphere 16 days later.

 

Fatal Pressures
How could the nation's premier scientific and research organization twice underestimate serious space shuttle design flaws? NASA was coping with challenges familiar to agency managers at any level of government: schedule pressure, budget pressure and political pressure. These forces led to flawed decision-making in both accidents.

The space shuttle was touted as a vehicle to make space travel routine, able to deliver payloads into orbit quickly and relatively inexpensively. Therefore, NASA was forced to control costs and meet launch schedules despite the shuttle's huge complexity and inherent risks.

Over time, NASA "normalized" the O-ring and foam problems, drastically underplaying their potential risk. Investigations of the Challenger and Columbia disasters showed that concern over cost-efficiency and deadlines blurred NASA's focus on safety. Furthermore, NASA had developed a culture that emphasized procedure and chain of command, and stifled communication.

Before the Challenger accident, engineers raised concerns about O-ring performance due to unusually cold temperatures the morning of the lift off. Our investigation found that management didn't listen to the engineers' warnings, and some engineers who had important information didn't speak up. Ultimately NASA decided launching in such cold temperatures was an acceptable risk despite the concerns.

Similarly NASA management overruled a request by worried engineers to use Department of Defense satellite imagery to study the damage to Columbia's wing. Instead, NASA administrators grumbled about the engineers' failure to follow proper protocol in requesting the images.

In the events leading up to both accidents, management didn't recognize that unprecedented conditions demand flexibility and democratic process, not bureaucratic response. In both investigations, we found that budget shortages prompted NASA to cut safety personnel, and those remaining lacked the clout and independence they needed to be effective.

 

Leadership Is Key         
How do you avoid a similar situation? Effective risk management starts with leadership.

Challenger and Columbia weren't doomed by technical problems. The accidents stemmed from cultural failures within NASA that encouraged complacency, silenced communication between levels of the organization, and allowed cost and budget pressures to eclipse safety concerns. As we pointed out in the Columbia accident investigation, leaders create culture, and it's their responsibility to change it.

Agency leaders must create an environment where any employee - regardless of title or status - can bring legitimate concerns to management and have those concerns taken seriously. If, for example, a software programmer discovers a potential vulnerability in computer code, he or she should be able to alert someone who will take the appropriate action - even if that means shutting down a Web site or spending a significant amount of money to correct the problem.

I recently spoke at a management retreat organized by the CEO of a large medical center. He's working to develop formal risk-management procedures, and more importantly he's instilling a culture that values open communication of risk factors. More executives should do the same.

After serving on investigation boards for both space shuttle accidents - and seeing up-close the results of risk management gone awry - I believe procedures are important, but people make the difference.

Developing mechanisms to spot potential problems clearly is necessary. But as NASA's experience shows, that's not enough. The space agency created excellent mechanisms to spot risks, and for the most part, they worked. The mechanical flaws that destroyed both space shuttles were well known before the accidents, but those flaws were improperly - if at all - addressed by people running the organization. Ultimately it's not enough to spot risks; it's how you address them that counts.

NASA may have a specialized mission, but lessons from the space shuttle accidents apply to public agencies at all government levels. Almost any agency manages risk - from regulating hazardous materials to protecting sensitive data on computer networks - and can learn from NASA's experience.

 

Sally K. Ride, Ph.D., a former NASA astronaut and the first American woman in space, is the president and CEO of Sally Ride Science, a company dedicated to supporting girls' interests in math, science and technology, and a professor of physics at the University of California, San Diego (currently on leave). She also serves as chair of Deloitte & Touche USA LLP's Council for the Advancement of Women. Ride is the only person to have served on the commissions investigating both the Challenger and Columbia space shuttle accidents. 


| More

Comments

   |    Commented August 22, 2007

This reminds of my brother who is an auto mechanic. My father used to say,"Good mechanics usually have terrible cars." Maybe you have noticed the same thing I have of mechanics on a budget. They usually have a personal vehicles at one time that a non-mechanic would be afraid to drive, but the mechanic owner would say, "nah, that's just this-and-that that's make that noise, no problem." As a programmer analyst, I can correlate to this story, in my own experience, as coding could get horrendous in trying to do a simple task of processing a payment, with more than half of the code dealing with all the wrong things that could avoid a bad payment. I can see why NASA requires a different level of leadership, but the mentality unfortunately as revealed by this article is so much the same. And unfortunately, unlike the mechanic driving his own, self-maintained vehicle, the shuttle doesn't have a floor jack and spare parts in the back of its trunk so it can pull over, crawl under its belly and try to fix "this-and-that" that's making that noise. Complacency has its place just to get through the day, although it could be misplaced, with great tragedy.

   |    Commented August 22, 2007

This reminds of my brother who is an auto mechanic. My father used to say,"Good mechanics usually have terrible cars." Maybe you have noticed the same thing I have of mechanics on a budget. They usually have a personal vehicles at one time that a non-mechanic would be afraid to drive, but the mechanic owner would say, "nah, that's just this-and-that that's make that noise, no problem." As a programmer analyst, I can correlate to this story, in my own experience, as coding could get horrendous in trying to do a simple task of processing a payment, with more than half of the code dealing with all the wrong things that could avoid a bad payment. I can see why NASA requires a different level of leadership, but the mentality unfortunately as revealed by this article is so much the same. And unfortunately, unlike the mechanic driving his own, self-maintained vehicle, the shuttle doesn't have a floor jack and spare parts in the back of its trunk so it can pull over, crawl under its belly and try to fix "this-and-that" that's making that noise. Complacency has its place just to get through the day, although it could be misplaced, with great tragedy.

   |    Commented August 22, 2007

This reminds of my brother who is an auto mechanic. My father used to say,"Good mechanics usually have terrible cars." Maybe you have noticed the same thing I have of mechanics on a budget. They usually have a personal vehicles at one time that a non-mechanic would be afraid to drive, but the mechanic owner would say, "nah, that's just this-and-that that's make that noise, no problem." As a programmer analyst, I can correlate to this story, in my own experience, as coding could get horrendous in trying to do a simple task of processing a payment, with more than half of the code dealing with all the wrong things that could avoid a bad payment. I can see why NASA requires a different level of leadership, but the mentality unfortunately as revealed by this article is so much the same. And unfortunately, unlike the mechanic driving his own, self-maintained vehicle, the shuttle doesn't have a floor jack and spare parts in the back of its trunk so it can pull over, crawl under its belly and try to fix "this-and-that" that's making that noise. Complacency has its place just to get through the day, although it could be misplaced, with great tragedy.

   |    Commented August 22, 2007

I read with great interest Ms. Ride's article and agree with her completely. "When the time has come to perform, the time to prepare has passed." These fundamental changes in our approach towards Risk Management must begin at the rudimentary level. As a Captain in a progressive fire department that is situated in a fast-growing jurisdiction, we have embodied the "empowerment" of each firefighter/EMT. The key, as Ms. Ride stated, is having the managerial environment ripe for feedback. This feedback needs to free from source bias and/or retribution. We find this level of managerial complacency or societal fear of being an outcast among our peers commonplace. No one wants to be the "One who cries wolf or chicken little," only to have the issue not materialize. However, Gordon Graham (Noted Risk manager) gives us a new twist on hindsight. "How could you not see it coming?????" Those of you that are familiar with Mr. Graham will know that it is the "train" that I am referring to. It is sad when we are caught off guard as a situation happens the first time, because we ignored the signs. But, it is an absolute travesty when it happens repeatedly because we ignored the signs AND history. This is a lesson that the fire service struggles with everytime a firefighter dies or has a close call. To quote Mr. Graham: "Is it a high risk, low frequency event? Uhhh Huh..... Then your risk management radar had better be in high gear." Or, as we have said for years, "Complacency Kills." Thank you again, Ms. Ride, for your article and calling additional attention to what should be a "common sense" subject, that isn't.

   |    Commented August 22, 2007

I read with great interest Ms. Ride's article and agree with her completely. "When the time has come to perform, the time to prepare has passed." These fundamental changes in our approach towards Risk Management must begin at the rudimentary level. As a Captain in a progressive fire department that is situated in a fast-growing jurisdiction, we have embodied the "empowerment" of each firefighter/EMT. The key, as Ms. Ride stated, is having the managerial environment ripe for feedback. This feedback needs to free from source bias and/or retribution. We find this level of managerial complacency or societal fear of being an outcast among our peers commonplace. No one wants to be the "One who cries wolf or chicken little," only to have the issue not materialize. However, Gordon Graham (Noted Risk manager) gives us a new twist on hindsight. "How could you not see it coming?????" Those of you that are familiar with Mr. Graham will know that it is the "train" that I am referring to. It is sad when we are caught off guard as a situation happens the first time, because we ignored the signs. But, it is an absolute travesty when it happens repeatedly because we ignored the signs AND history. This is a lesson that the fire service struggles with everytime a firefighter dies or has a close call. To quote Mr. Graham: "Is it a high risk, low frequency event? Uhhh Huh..... Then your risk management radar had better be in high gear." Or, as we have said for years, "Complacency Kills." Thank you again, Ms. Ride, for your article and calling additional attention to what should be a "common sense" subject, that isn't.

   |    Commented August 22, 2007

I read with great interest Ms. Ride's article and agree with her completely. "When the time has come to perform, the time to prepare has passed." These fundamental changes in our approach towards Risk Management must begin at the rudimentary level. As a Captain in a progressive fire department that is situated in a fast-growing jurisdiction, we have embodied the "empowerment" of each firefighter/EMT. The key, as Ms. Ride stated, is having the managerial environment ripe for feedback. This feedback needs to free from source bias and/or retribution. We find this level of managerial complacency or societal fear of being an outcast among our peers commonplace. No one wants to be the "One who cries wolf or chicken little," only to have the issue not materialize. However, Gordon Graham (Noted Risk manager) gives us a new twist on hindsight. "How could you not see it coming?????" Those of you that are familiar with Mr. Graham will know that it is the "train" that I am referring to. It is sad when we are caught off guard as a situation happens the first time, because we ignored the signs. But, it is an absolute travesty when it happens repeatedly because we ignored the signs AND history. This is a lesson that the fire service struggles with everytime a firefighter dies or has a close call. To quote Mr. Graham: "Is it a high risk, low frequency event? Uhhh Huh..... Then your risk management radar had better be in high gear." Or, as we have said for years, "Complacency Kills." Thank you again, Ms. Ride, for your article and calling additional attention to what should be a "common sense" subject, that isn't.

   |    Commented August 22, 2007

St. Petersburg Times has this quote today 22 Aug 2007 - "I think we will continue to lose foam. ... I think we'll still expect to see some things come off, and we'll have to analyze them," said NASA associate administrator Bill Gerstenmaier. Said Griffin: "On every flight we seem to have some interesting question that has to be resolved, or certainly it's a rare flight where we don't. And I expect that to continue." Hmmm... maybe they need to read this article. My second thought was that when I heard all the astronauts that rode the last ride say that they didn't give the tile another thought after NASA said it didn't need repair. Maybe they should rethink that too.

   |    Commented August 22, 2007

St. Petersburg Times has this quote today 22 Aug 2007 - "I think we will continue to lose foam. ... I think we'll still expect to see some things come off, and we'll have to analyze them," said NASA associate administrator Bill Gerstenmaier. Said Griffin: "On every flight we seem to have some interesting question that has to be resolved, or certainly it's a rare flight where we don't. And I expect that to continue." Hmmm... maybe they need to read this article. My second thought was that when I heard all the astronauts that rode the last ride say that they didn't give the tile another thought after NASA said it didn't need repair. Maybe they should rethink that too.

   |    Commented August 22, 2007

St. Petersburg Times has this quote today 22 Aug 2007 - "I think we will continue to lose foam. ... I think we'll still expect to see some things come off, and we'll have to analyze them," said NASA associate administrator Bill Gerstenmaier. Said Griffin: "On every flight we seem to have some interesting question that has to be resolved, or certainly it's a rare flight where we don't. And I expect that to continue." Hmmm... maybe they need to read this article. My second thought was that when I heard all the astronauts that rode the last ride say that they didn't give the tile another thought after NASA said it didn't need repair. Maybe they should rethink that too.

   |    Commented August 23, 2007

As each shuttle mission goes by, we read of individual tiles being torn off. From a non-engineer's standpoint, it would appear that caulking or a solid foam construction would be in order. Until such point as safety can be assured, we will continue to horrify children as we watch entire crews being blown to bits. I hope that the data being gained is worth having children being launched into adulthood prematurely.

   |    Commented August 23, 2007

As each shuttle mission goes by, we read of individual tiles being torn off. From a non-engineer's standpoint, it would appear that caulking or a solid foam construction would be in order. Until such point as safety can be assured, we will continue to horrify children as we watch entire crews being blown to bits. I hope that the data being gained is worth having children being launched into adulthood prematurely.

   |    Commented August 23, 2007

As each shuttle mission goes by, we read of individual tiles being torn off. From a non-engineer's standpoint, it would appear that caulking or a solid foam construction would be in order. Until such point as safety can be assured, we will continue to horrify children as we watch entire crews being blown to bits. I hope that the data being gained is worth having children being launched into adulthood prematurely.

   |    Commented August 29, 2007

Thank you for such a great, succinctly written article. It is clear, direct and profound. It makes me think about the complacency in my life, let alone in regards to the space shuttle. I recognized immediately that if I am complacent about the "this and that - similar to a mechanic" then it is just a matter of the 25th time or the 100th time that I would want to live with. I am not willing to see a 25th time in my life. This has been a tremendously valuable wake up call for me. Thanks to all of you - author, publishers and teams who brought this to the forefront of my attention. With gratitude! B : )

   |    Commented August 29, 2007

Thank you for such a great, succinctly written article. It is clear, direct and profound. It makes me think about the complacency in my life, let alone in regards to the space shuttle. I recognized immediately that if I am complacent about the "this and that - similar to a mechanic" then it is just a matter of the 25th time or the 100th time that I would want to live with. I am not willing to see a 25th time in my life. This has been a tremendously valuable wake up call for me. Thanks to all of you - author, publishers and teams who brought this to the forefront of my attention. With gratitude! B : )

   |    Commented August 29, 2007

Thank you for such a great, succinctly written article. It is clear, direct and profound. It makes me think about the complacency in my life, let alone in regards to the space shuttle. I recognized immediately that if I am complacent about the "this and that - similar to a mechanic" then it is just a matter of the 25th time or the 100th time that I would want to live with. I am not willing to see a 25th time in my life. This has been a tremendously valuable wake up call for me. Thanks to all of you - author, publishers and teams who brought this to the forefront of my attention. With gratitude! B : )


Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
Cybersecurity in an "All-IP World" Are You Prepared?
In a recent survey conducted by Public CIO, over 125 respondents shared how they protect their environments from cyber threats and the challenges they see in an all-IP world. Read how your cybersecurity strategies and attitudes compare with your peers.
Maintain Your IT Budget with Consistent Compliance Practices
Between the demands of meeting federal IT compliance mandates, increasing cybersecurity threats, and ever-shrinking budgets, it’s not uncommon for routine maintenance tasks to slip among state and local government IT departments. If it’s been months, or even only days, since you have maintained your systems, your agency may not be prepared for a compliance audit—and that could have severe financial consequences. Regardless of your mission, consistent systems keep your data secure, your age
Best Practice Guide for Cloud and As-A-Service Procurements
While technology service options for government continue to evolve, procurement processes and policies have remained firmly rooted in practices that are no longer effective. This guide, built upon the collaborative work of state and local government and industry executives, outlines and explains the changes needed for more flexible and agile procurement processes.
View All

Featured Papers