Mission to Mars: Risky Business
|The spherules, blueberries and naming have become important to clues on an alien landscape.|
The Mars Exploration Rover (MER) mission has sent back groundbreaking information about the history of Mars. The most important result is the discovery of salt deposits that indicate that some regions of the planet were once “drenched” in water. These findings bolster the notion that, at least in its distant past, Mars was a habitable world. But preparing the rovers for launch was an arduous and exhausting marathon. In a recent talk given at a NASA symposium on risk management in Monterey, California, MER Principal Investigator Steve Squyres explained how the mission team made it to the finish line.
I’m here today to talk about the Mars Exploration Rover mission, the mission of Spirit and Opportunity, and the risks that we took with that mission. I think by any standard, MER has to be looked at as one of the riskiest and one of the most complex robotic missions that NASA has ever undertaken. But it’s been successful.
I’m going to talk about the risks that we took to make that success happen. Now, there’s one point I have to make from the very outset. It is so obvious that I almost don’t need to say it. But it’s also so fundamental that I have to say it. And that is that there is a very fundamental difference between our mission and human spaceflight. When our rockets lifted off from Cape Canaveral last summer, our lives were not on the line. Now, there were a few meetings at NASA Headquarters that proceeded that launch where I wasn’t quite so sure about that.
|Russell Dunes MGS MOC Release No. MOC2-677, 26 March 2004|
Image Credit: Mars Global Surveyor, Malin Space Systems
But it’s fundamentally different. But I think that our experiences do have much to say about how one takes risks in space flight, including human space flight. There were many aspects of our mission that are in common with what goes on in human spaceflight. We had a very challenging schedule. We had a very daunting technical task. We had an enormously complicated team, a very large team, to pull it all off. And addressing and aggressively mitigating the risks were something that we spent an enormous amount of time on. And I think that some of our lessons there do carry over to the very demanding realm of human space flight.
Our mission arose out of catastrophe. In 1998, NASA launched two missions to Mars. The Mars Polar Lander began its entry and descent sequence and was never heard from again. The most likely cause was determined to have been a single line of code that was missing that resulted, probably, in the vehicle shutting off its motors about 40 meters (about 130 feet) above the ground and hitting the surface at about 50 miles an hour (about 80 kilometers per hour). And even worse, in some sense, the Mars Climate Orbiter was lost when a mix-up over English and metric units resulted in flying the spacecraft into the atmosphere and burning it up.
So we were put in a position, which we all embraced from the start, of being involved in a mission that had to succeed. The credibility of a substantial portion of the nation’s space program, was very much riding on our success or on our failure. So we had to come up with ways to address that risk that were commensurate with the expectations that had been forced upon us by circumstances. Now, as with any program, we addressed and had to face a wide variety of different kinds of risk. There was cost risk, there was programmatic risk, technology risk, environmental risk, operational risk, schedule risk. I’m going to address each of those briefly in turn.
There are many things that we did individually to mitigate each of those risks. But I think almost above all there was one thing we did from the start that addressed every single one of those risks. We knew what we were trying to do. We had a set of requirements, Level I requirements; they were negotiated with NASA headquarters; they fit on a single piece of paper, two sides; and they stated succinctly and clearly what the MER mission was expected to do. From the day that NASA said “Go,” to the day that we had a date on Pad 17A at Cape Canaveral, was 34 months. We would not have made it had we not all had a clear unambiguous common understanding of what it was we were trying to accomplish.
Those Level I requirements were our guide star. I lost a lot of sleep wondering whether or not we were going to make it, but I never once questioned what it was we were trying to accomplish. We never had an ounce of uncertainty in our minds. And that was tremendously enabling, because every time we faced a decision – Do we do this test; do we not? Do we include this component; do we not? – we asked ourselves, “Does it help us meet the Level I requirements?” If so, yes. If not, it’s expendable. And it was that simple. I cannot overstate the importance, and I don’t care how big or how small your organization, how complex or how simple your task, it gives a crystalline clarity of purpose to your organization, from top to bottom, if everybody knows with no ambiguity what you’re trying to achieve. That was fundamental to our success.
So let me go through those risks that I listed.
Cost risk. When you get right down to it, our fundamental approach to cost risk was that, when we needed more money, NASA gave it to us. We originally costed the mission out at 688 million dollars. We overran that by more than 100 million bucks. Twice over the course of the development, Firouz Naderi, the program manager at JPL, and Pete Theisinger, our very able project manager, and I had to get on a plane and go back east and tell them we needed 50 million dollars more.
The first time we did it, we were flogged, and then we got our 50 million. We promised never to come back again. About 6 months later, there we were again. We were really flogged on that one. But when it came right down to it, there was so much on the line, there was so much at stake, the agency was able to look at their priorities and say, “We have to make this work.” And never once over the entire course of the MER development did we not do something important, something that was enabling of meeting the Level I requirements, because we didn’t have the money. It never happened. That was because the agency made the commitment to make sure it never happened.
Programmatic risk. Programmatic risk means a lot of different things to a lot of people. I will define it rather narrowly to mean the way in which you interact with other programs over issues like personnel, facilities and so forth. Our approach there was, to be honest, very much like our approach to cost risk. What we needed, we got. The Jet Propulsion Laboratory is an immensely talented, immensely capable organization, but their resources are not infinite. And whenever it came down to something critical, if we need the right people, we got it; if we needed certain facilities, we got it. There just weren’t any questions asked. The team that was put together under Pete’s leadership at JPL was the best that the Jet Propulsion Laboratory had to offer, and lab management always gave us everything that we needed.
|Schematic of major mission events during entry, descent and landing.|
Credit: NASA/JPL/ Cornell University/ Dan Maas
Now, you can’t do that for every project, obviously. But it’s a matter of having your priorities straight. And here the priorities were that what MER needed, MER got. There was a phrase around JPL that I heard about. Somebody would say, “I got MERed.” That meant that their facility or their engineer or somebody had been stolen away by MER to go off and make sure that we got to Mars okay.
Technology risk. Our approach to technology risk was, basically, don’t take any. Our mission was assembled almost entirely from existing, tested, proven technology. Airbags had been used on Mars, parachutes had been used on Mars, aerogel had been used on Mars, the payload was ready to go. The entire mission was put together from existing, qualified, capable hardware. Our computer, our CPU, was a smoking hot machine in 1985. But it was good enough to meet the job that was laid out in the Level I requirements, and so that was what we used. You can sometimes accomplish extraordinarily innovative things by taking already existing technologies and combining them together in novel ways. There may be a lesson there. I don’t think MER is the only opportunity out there for taking existing, proven, safe technologies and combining them together in ways that haven’t quite been attempted before.
Environmental risk. This was a big one. There were many environments over the course of our flight over which we had little or no control and for which we had to do our best to prepare ourselves. Launch was an environment that was, as a spacecraft team, outside of our control. That was risky. Landing was certainly risky. Unless you have a fully deterministic landing system, when you land on Mars – I don’t care how much testing you do – you cannot build a perfectly safe Mars lander. You can build the best system you can. But you can always have one sharp, pointy rock, one gust of wind that does you in, if you get unlucky that day at the landing site. And so our approach to environmental risk was absolutely the best one that you can take: we built two of everything. Two rockets, two landers, two rovers, two payloads, identical up and down the line, but we built two of everything.
|Clouds and frost cover on the north Martian pole from Mars Orbital Camera|
Credit: NASA/ JPL/ MSSS MOC
This is a risk-mitigation technique that does not carry over, obviously, into the realm of human spaceflight. You can’t say, “Well, let’s send two crews and maybe one of them will survive.” But if you have a robotic mission that must succeed, if you don’t send two, you’re crazy, in my personal opinion. It worked very well for us. And I’ll also point out that it worked very well for the people who were involved in Mariner 3 and 4, Mariner 4 being the first successful Mars flyby, Mariner 3 going in the drink. Mariner 8 and 9: Mariner 9 was the first successful Mars orbiter and Mariner 8 went in the drink.
There was another aspect of environmental risk that I think was not adequately appreciated by most people, and that had to do with risk to the science. We were going into a fundamentally unknown scientific environment. We did the best we could to select good landing sites, but we didn’t really know what to expect. And one of my greatest fears, when we first proposed MER to NASA a single rover mission, was that we would choose badly, and that Mars would fake us out. That we would get down on the surface and the science that we were seeking just simply wouldn’t be there. If you have two, and if you have a very diverse planet, as Mars is, you can send them to two very different sites, and maybe one of them will turn out to be the miracle site.
|Is Mars habitable for humans? Credit: NASA|
Mars did fake us out, by the way. If you had told me ahead of time, “Steve, one of your rovers is going to land on volcanic rock, and one’s going to land on sedimentary rock,” and you’d said, “Gusev and Meridiani,” I would have said, “Yeah, sure, it’s gonna be volcanic rocks at Meridiani and sedimentary rocks at Gusev.” It was the other way around. Mars completely faked us out. The beauty of having that redundancy to mitigate the science risk is that, if it really pays off and both vehicles get on the surface, you take advantage of that diversity to essentially double your science return, because you’re in two completely different environments.
Operational risk. The chance that when you try to do it, it’s not going to work. There’s no magic formula there. This one’s real straightforward: you do it with margin and testing. You build a lot of margin into your design, and then you test and you test and you test. And like they always say, you test it just like you’re going to fly it, and you fly it just the way you tested it. We did a hell of a lot of testing on MER. Our schedule was all about testing. Everything that we did was about testing.
In the end, the approach that we took paid off, and the margin, in particular, was very important. We put a lot of margin into the design. There’s margin tucked away in so many nooks and crannies in that design, you can’t believe it. And it was that margin that made us comfortable signing up to a set of Level I requirements that says that this vehicle will last for 90 sols, 90 martian days, on the surface. But if you’ve got that much margin in your pocket, and a few things break your way, you might still be driving around on sol 265, which is, I think, what today is. So margin pays off in big ways.
Finally, schedule risk. This was the worst risk that we faced, by far. In a very real sense, the entire story of the development of the Mars Exploration Rover program, the development of Spirit and Opportunity, is the story of an extraordinary group of people facing schedule risk. NASA said, “Go,” and we had to be there on the launch pad in 34 months. That was not enough time. It was not enough time.
There were many things that we did to mitigate schedule risk. One of them, and this will sound paradoxical but it is not, is that our schedule risk was mitigated to a great extent by the fact that we were flying two vehicles. That doesn’t sound like it makes sense; it should be easier to build one than to build two. Well, under certain circumstances, if you’re starved for people, starved for facilities, starved for money then that’s true. But if you’ve got the people, you’ve got the facilities and you’ve got the money, then it helps to be hardware-rich. You have more pieces on your chessboard and it puts you in a stronger position.
Just as one trivially simple example, there are many tests that you run on a vehicle like this that only have to be run on one of your two vehicles. And if you’ve got the facilities and you’ve got the people, you run those two tests, not in series, but in parallel, and you pick up schedule. And we did that again and again and again. Matt Wallace, who was the manager of our ATLO (assembly, test and launch operations), was a master. He was a hero of that mission, and he played that game with those chess pieces with such intricacy and such skill that we made it. And I don’t think we would have made it with only one vehicle. I think we had to do it with two.
The other way in which, I am somewhat ashamed to say, we mitigated schedule risk was that we pushed an extraordinary group of people too hard. We pushed them beyond reasonable limits. It damaged people’s health; it damaged people’s relationships with their loved ones. We got away with it because we had an extraordinary group of people under an extraordinary set of circumstances. But that is not a sustainable approach to Mars exploration. We cannot go back to that well again and again. I do not believe that 34, 36, 38 months is enough time to do a robotic mission of that complexity. I think you need 48. And I hope that that lesson is one that is taken away from the MER mission.
I’d like to finish this on a slightly lighter note by telling a little story. We had a lot of discussion yesterday about humans versus robots. And as the robot guy here, I want to tell a story about an experience that I had that really taught me a lot about that particular topic. When we were first trying to figure out how to use a set of rovers on Mars to do scientific exploration, the technology folks at JPL built a wonderful little vehicle called Fido.
Fido was a great test rover. We could take it out in the field and we didn’t worry about getting a few scratches in the paint. We took it out to a place called Sliver Lake, in the Mojave Desert. This was like 1997. It was the first time Fido had ever been out in the field. So I’m out there with my team, lots of really high-priced geologic talents, some seriously good field geologists. So we get the rover out there, and, of course, it breaks down. First time it’s ever been out in the field, it’s dusty, it’s dirty, the rover’s not working.
So, okay, what am I going to do with all of the bored geologists I’ve got on my hands? So I said, “Look. Let’s go on a geology walk. Let’s go on a little field trip.” So everybody got their boots and their rock hammers and their hand lenses and everything. I picked up a notebook and a stopwatch. We walked out to a nearby ridge, where I knew there was some interesting geology exposed. I sat down, and they went off and they started geologizing. And I started timing. How long does it take for Andy Knoll to walk over to that rock? How long does it take Ray Arvidson to pick that thing up and break it open with his rock hammer and look at it with a hand lens? They were doing a lot of things that our rovers couldn’t do, but I focused on the things that they were doing that our rovers could do. I did it as quantitatively as I could, although this was hardly a controlled experiment. When I worked out the numbers afterwards, I found that what our magnificent robotic vehicles take an entire day to do on Mars, these guys could do in about 30 to 45 seconds.
We are very far away – very far away – from being able to build robots that have anything like the capabilities that humans will have to explore, let alone to inspire. I’m not going to see it in my lifetime. When I hear people point to Spirit and Opportunity and say that these are examples of why we don’t need to send humans to Mars, I get very upset. Because that’s not even the right discussion to be having. We must send humans to Mars. We can’t do it soon enough for me. I’m a robot guy. I love Spirit and Opportunity – and I use a word like love very advisedly when talking about a hunk of metal. I love them. But they will never, ever have the capabilities that humans will have. And I sure hope we send humans soon.
Related Web Pages
Spirit’s Sol images and slideshow
Opportunity image gallery and slideshow
Mars Berries Once Rich in Iron-Water
NASA’s RATs Go Roving on Mars
Pancam- Surveying the Martian Scene
Alpha Proton X-ray Spectrometer