MCO: More thoughts on the Martian Climate Orbiter

How many projects have failed in the manner of the MCO, Mars Polar Lander and the Deep Space 2 sub-projects?  Many is the unfortunate answer.  What happened with these probes?  I am placing the full table of analysis here, since NASA seems to be a little slippery with their data stores. 


Root Cause of the Mars Climate Orbiter:

· Failure to use metric units in the coding of a ground software file, “Small
Forces,” used in trajectory models

· Please keep in mind that the MCO team was likely under pressure to produce a product and that they had a hard deadline to meet: The Hohmann transfer orbit only occurs about every two years, and the launch window was closing.

· Also, we all have screwed up in our time, I write these posts to examine how far we have come since then, not to beat up on the propulsion team

Contributing Causes:


1. Undetected mismodeling of spacecraft velocity changes

Models rarely match actual physics, and this is just another example of that

2. Navigation Team unfamiliar with spacecraft

Oh, great, the pilots of the spacecraft were not familiar with it? WTF? OMG!

3. Trajectory correction maneuver number 5 not performed

Because the Navigation team wasn’t familiar with the spacecraft, so management didn’t listen to them when the spacecraft was closing with Mars 4 times faster than expected

4. System engineering process did not adequately address transition from development to operations

As Tim Buxton said at Mix09, the transition is the most important design consideration

5. Inadequate communications between project elements

Oh, that never happens on projects does it?

Graphic designers and game developers usually communicate right? No! It is the program mangers responsibility to make sure that communications are smooth

6. Inadequate operations Navigation Team staffing

Oops, under staffing is a bad thing when it comes to piloting a spacecraft

7. Inadequate training

Training is very important, umm, I need to get signed for some training. How about you.

8. Verification and validation process did not adequately address ground software

We are going to be going over this part in depth

9. MPL Recommendations:


a. Verify the consistent use of units throughout the MPL spacecraft design and operations


b. Conduct software audit for specification compliance on all data transferred between JPL and Lockheed Martin Astronautics

This is part of what we will be covering in this blog overtime

c. Verify Small Forces models used for MPL

Modeling will be discussed on my site

d. Compare prime MPL navigation projections with projections by alternate navigation methods

We will be covering this in depth, all highly reliable systems use this process

e. Train Navigation Team in spacecraft design and operations

Can’t rent a sailboat if you don’t prove you can sail it safely. Maybe I should go for a spacecraft next time

f. Prepare for possibility of executing trajectory correction maneuver number 5

Need to make sure that the driver knows how to use the throttle

g. Establish MPL systems organization to concentrate on trajectory correction maneuver number 5 and entry, descent and landing operations

Looks like the navigation team got confused about the difference between an orbiter and a lander. Need to work on the identification of the various space craft.

h. Take steps to improve communications

Ok, ok, talk to each other

i. Augment Operations Team staff with experienced people to support entry, descent and landing

And hopefully the experienced people will explain to the new people that orbiters should

j. Train entire MPL Team and encourage use of Incident, Surprise, Anomaly process

Surprise, my orbiter crashed

k. Develop and execute systems verification matrix for all requirements

Didn’t someone make up a punch list of things that needed verification? Ok, we will go over this one as well.

l. Conduct independent reviews on all mission critical events

No comment

m. Construct a fault tree analysis for remainder of MPL mission

Didn’t quite make that one in time since the MPL crashed due to failure of the squat switches on deployment

n. Assign overall Mission Manager

Or at least adult supervision.

o. Perform thermal analysis of thrusters feedline heaters and consider use of pre-conditioning pulses

Ok, now this one might have been missed in the real world, the heaters could have malfunctioned, etc.

p. Reexamine propulsion subsystem operations during entry, descent, and landing

This is a mechanical issue, not software, oh wait a minute, it wasn’t. This will be discussed eventually

Technorati Tags: Martian Climate Orbiter,software engineering,crash analysis,doing a better job