The Tale of Apollo 13
The Apollo 13 mission became perhaps the greatest real-life drama of the technical age when an oxygen tank exploded after the tiny ship was already half-way to the moon. In one brief moment, a billion dollar triumph of engineering and technology was transformed into a desperate struggle to bring three brave explorers back safely from the brink of doom. With the primary oxygen supply lost, the command Module’s fuel cells could not produce power, so it had to be quickly shut down to conserve its batteries. Without them, it would not be able to separate from the massive service module, fire its retro rockets, or maintain a survivable trajectory during reentry.
In the days that followed, three men would huddle in a tiny, half-frozen lunar module built for two, while engineers and technicians, not just here in Houston but in factories and facilities throughout the county, struggled to squeeze enough oxygen and electricity out of the beleaguered ship to bring them back home. NASA’s handling of this emergency is truly one of the great triumphs of engineering and management, but the events that led up to the crisis are an abject warning, of how the most mundane human failings can undermine even the best laid plans.
The explosion was caused by a damaged heater coil in the number two oxygen tank. This tank was more than just a metal can. It was a complex and fairly delicate cryogenics system that had to maintain oxygen in a semi-frozen state in which gaseous oxygen was always available at an acceptable pressure, and it had to be able to do this on the ground, in space, in zero gravity, and under the pounding of lift-off. This required a number of internal components, including a heater (to keep pressure up), a mixer (to keep the slushy oxygen flowing) and a thermostatic switch—a safety switch to keep the tank from overheating.
The Apollo spacecraft electrical system was designed to run on 28 volts, the voltage supplied by the fuel cells. The generators on the launch pad, however, produced 65 volts, and the spacecraft would have to run on this voltage during the weeks of tests leading up to the launch. This was not a problem for most components, but North American, the prime contractor, became concerned and ordered its subcontractor (Beech) to redesign the heater element inside the tank. Beech did so, but somehow overlooked the thermostatic safety switch. This omission, by itself, would almost certainly have causes no problems.
The tank that ultimately ruptured on Apollo 13 was originally installed in Apollo 10 but because a number of improvements had been made to the tank design, it was removed so that it could be upgraded and used on a later flight. During removal, a bolt had not been properly removed, caught, and caused the tank to fall a short distance back into its cradle. The jolt was slight, and the tank was inspected and found to be undamaged, so it was sent off for upgrade. This accident, alone, was no cause for concern.
Two years later, the upgraded tank was part of Apollo 13 as it sat atop the massive, fuming Saturn V booster for a critical test. In this test, the rocket, crew, and ground staff were all readied for launch, right up to the point of ignition. As part of the test, the oxygen tanks were filled with liquid oxygen just as they would be on launch day. The test was completed successfully, but trouble occurred as service technicians worked to shut down the spacecraft afterwards. All of the cryogenic systems had to be purged prior to shut down, and this was accomplished for each tank by pumping warm gas in one valve and forcing the refrigerated liquid out through another. On this day, oxygen tank number two became balky, releasing less than 30 of its 320 pounds of oxygen.
Engineers examined the design and the manufacturing history of the tank. They concluded that a vent tube had been bent slightly when the unit was dropped two years previously. Because of the misalignment, the purge gas was going in one valve and out the other instead of pushing the frozen slush out through the vent tube. This should have raised the alarm, but the vent tube would not be used in flight, it was only used on the ground, so they ignored the fact that a critical component of a precisely engineered system on which billions of dollars and human lives depended, was not working as designed.
Instead, they decided to turn on the heater inside the tank, and just let it boil off the frozen oxygen. This would take several hours, and was far outside the operational design of the heater, but the engineers saw no problem with the procedure. They knew that the safety switch would keep the tank from overheating. They also knew that a technician monitoring the tank could keep an eye on the temperature. What they didn’t know was that the safety switch had never been upgraded, and fused shut the instant the 65 volt test current started flowing through its 28 volt contacts. So as the heater ran in the super insulated tank, the oxygen boiled off and the temperature started to rise. The technician monitoring the tank saw the temperature stabilize at eighty degrees, because the sensor inside the tank was only designed to measure up to the maximum temperature expected to be encountered—eighty degrees. In fact, the temperature rose hour after hour to nearly one thousand degrees, and burned most of the Teflon insulation off the wiring inside the tank.
Weeks later and 200,000 miles from Earth, one of those wires sparked during a stir of the tank, igniting the remaining insulation and blowing off the neck of the tank. Exposed to the vacuum of space, the 300 pounds of Oxygen slush flashed into gas and blew out part of the service module, ripping apart the plumbing and wiring of the other tank, and crippling the spacecraft. It might have been far worse. Had the tank ruptured on the ground, the oxygen might have had time to burn what fuel was around it. The astronauts might have been killed before they ever left the pad.
So, what lessons does this twisted chain of events have for the rest of us? Apollo was built in “encapsulated” modules. It was well engineered. It was thoroughly tested. It had backups and fail-safes and redundant components. And yet it failed. It failed because human beings made predictable mistakes, indeed, mistakes that a mammoth bureaucracy was specifically set up to prevent. Jim Lovell, in his book “Lost Moon” recounted that at the time of the countdown demonstration test, he had asked the engineers how long it would take to pull the rack containing the balky tank. In retrospect, this was clearly the right thing to do. But of course, in the real world, we all make trade-offs all the time. Replacing the tank might have cost the launch window. But weighed against this tangible risk, was the unknowable risk that not replacing it could cost the mission–and lives.
I am not criticizing Jim Lovell, or NASA or engineers at North American or Beech Aircraft. I am merely pointing out something about human nature. We see what we want to see, but we have the mental capacity to defeat our imposed delusions – this is what the scientific method was created for. Fundamentally, Apollo 13 failed because NASA did not recognize that when an oxygen tank is in any way not operating to spec. this is a problem to be respected. Years later, different NASA engineers ignored the fact that solid rocket booster seals were not operating as designed, and as a result, the Space Shuttle Challenger blew itself into a billion pieces on national television. Another decade passed, and engineers ignored the fact that external tank insulation was not performing as designed, and my four and six year old daughters spent a morning searching the roadsides or north west Louisiana for pieces of another Shuttle.
We aren’t all trying to go to the moon. And I would not presume to judge any of these decisions where tax money and lives must be weighed in light of risks that just cannot be known. We all take risks all the time, whether running a red light, or voting with our party without researching their policy claims. Failure does not always lead to icy death or fiery cataclysm, but it can, over time, lead to unexpected consequences. The scientific method is how we test our assumptions and illusions. It got us to the moon and back. It can take us where faith never will.
A cursory rebuttal suggests that faith and courage brought them back from the moon, not the scientific method. I heartily endorse the scientific method, but it only works to explore new and unknown places for those who have faith to fail in their endeavors along the way.
I certainly agree, faith, courage, sincere dedication, and professionalism all were instrumental. The scientific method, though, is far more than a means of exploration. It is a means of seeing through the illusions that encumber all human experience. In my work in information technology, I continually see money wasted by those who do not understand or properly apply the scientific method in their work. The same fauly reasoning that led our ancestors to believe in fairies and ghosts leads modern analysts to deploy “miracle programs” (programs that only appear correct because they haven’t been properly tested) and to talk themselves out of the benefit of highly capable assets, or just plain get it wrong.