Russia to break safety rules to repair Soyuz capsule

Please consider donating to Behind the Black, by giving either a one-time contribution or a regular subscription, as outlined in the tip jar to the right. Your support will allow me to continue covering science and culture as I have for the past twenty years, independent and free from any outside influence.

In order to replace a burnt capsule quickly in its Soyuz capsule, Russia will ignore its own safety rules and allow the engineers to work without draining the capsule of its propellants and gases.

Sources close to investigation told that a cable located behind the cosmonaut seats inside the Descent Module of the Vehicle No. 732 had accidentally been bent severely enough to damage its insulation. As it turned out, the problem had nothing to do with the encapsulation of the spacecraft inside its payload fairing on September 15, as was initially thought.

Replacing the damaged cable is relatively straight forward, but it now has to be conducted on the vehicle fully loaded with toxic propellants and pressurized gases. Such an attempt would violate usual safety rules, but draining the spacecraft off its propellants and gases would likely be even more unprecedented and require lengthy repairs.

The big issue here is not the willingness of Roscosmos management to break its safety rules. In fact, believe it or not, those rules are possibly too strict. The repairs are taking place inside the capsule where the astronauts sit. If it is too dangerous for engineers to be there with the capsule fueled, then it would be too dangerous for the astronauts. Granted, engineers don’t usually sign up for those kinds of dangers, but then, if you are an engineer in the field of rocket science I suspect you did sign up, and expect them.

No, what is significant about this story is the bent cable and its damaged insulation, which was bad enough that the cable actually burnt, based on other reports. It suggests a variety of issues in the construction of this capsule, all of which are worrisome. First and foremost, how is it possible for insulation to break simply by bending a cable? Is the insulation that badly made? Or have they such low tolerances for the insulation (possibly to save weight) that it requires a very careful installation that in this case was done badly?

This is also only the second launch of an upgraded Soyuz capsule. Could it be that they haven’t worked out all the kinks in its design? If not, they have been making Soyuz capsules for literally decades. One would think that the people that install this wiring would know its tolerances and not make such a mistake.

I know I am being somewhat harsh here, but that harshness comes after seeing repeated quality control problems in a variety of Russian-built aerospace hardware in recent years. In the previous cases, however, the problems did not involve a manned flight. This one did, and if those same quality control problems are now showing up with Soyuz, that is a very bad thing.


  • Edward

    Robert wrote: “In fact, believe it or not, those rules are possibly too strict.

    This may be true. I do not know the rules, but the Russians had a bad experience with a rocket exploding on the launchpad while a lot of their engineers and technicians were near it, so I wouldn’t be surprised if they have strict rules about working around fueled spacecraft. (Although it is my impression that more than the minimum number of people gather around the launch pad when the cosmonauts arrive at the pad — and while fueling is in process.)

    Robert asked: “how is it possible for insulation to break simply by bending a cable?

    I suppose it depends upon what they mean by “bent cable.” I once pinched the insulation off of a wire as I tightened a cover onto an electronics box. I noticed that the cover didn’t fit right, so we didn’t cause any damage to any satellite parts by turning on power, but the darnedest things can happen while doing routine things. It is why we always check connectors before mating and after demating, and it is amazingly easy to bend a pin on connectors — I watched it happen once when people thought that the connector was going on smoothly, and twice when people noticed too much resistance during the installation.

    The Russians have had a nasty string of failures over the past half decade or so, but catching problems before flight is a good thing. Catching them this late in the process is expensive (time as well as money), but it is better than not catching them.

    There have been a variety of reasons for the recent failures, from using the upper stage in a way the designers hadn’t intended, to installing an accelerometer upside down.

    I worked for a company that got very serious about reducing errors, after a very costly and embarrassing error occurred. They hired an expert on error prevention to give classes, including how errors have occurred in aerospace and how to prevent them, including recognizing when you yourself are tired or distracted. These were techniques that they wanted used in many areas, not just in assembly but also in planning, design, and test.

    I worked for another company just after they had the same very costly and embarrassing error happen, and as a new person, they asked me if I thought it could happen again. I gave them four reasons why I thought so, including that everyone there thought that it couldn’t happen again because they would all be vigilant — but that attitude reduces vigilance.

    I don’t know what the Russians are doing to improve quality control, but we will have to see how well it works. I am not impressed with their methods, as they have demolished a hydroelectric dam with careless operation, melted down a nuclear power plant with a bad incentive system for completing tests, and crashed a Progress spacecraft into a space station with the same bad incentive system.

    It seems to me that they have a cultural attitude that puts safety and quality lower on the priority list than we have done in much of the rest of the world. I hope that their need for a successful space program, even if individual successes are delayed, will change that attitude.

  • wayne

    – interesting stuff!
    Q: When it comes to making/assembling complex machinery/electronics– what is/are the major pitfall(s) in play?
    -Just anecdotally, I’ve found in everyday life that it’s generally the 5 cent part that fails at the most inopportune time.
    Is that something that is anywhere near “true?”
    (I’m thinking the electronics inside the oxygen tank on Apollo 13 as an off-handed example.)

  • PeterF

    That was true also of the wire behind the seat in the Apollo 1 capsule.

  • Edward

    It is hard for it to not be the “5 cent part,” as most of the individual components are inexpensive — even the expensive parts (e.g. microchips) cost far less than their repair — and failures often are traced back to failure of an individual part. The cause of the failure could be anything, such as mishandling, inadequate design, or “infant mortality.”

    One of the reasons for the expense of spacecraft is that most of the parts have been tested either individually or by proxy through samples of batches (screws are often tested by batch samples). Once assembled into basic units (e.g. electronics boxes), the unit is tested, and any failures are already getting expensive to repair, as the unit has to be disassembled and reassembled.

    Due to “infant mortality” in electronics, some components or units get the heck tested out of them so that trouble is less likely to happen later.

    After delivery, units are often “bench tested” to verify that it works after shipment. Usually they work, but now return shipment and delays of the next assembly are part of the cost of repair. There can be various levels of “next assembly” before the end unit is installed on the spacecraft, and each level has its own testing to verify that it hasn’t failed, because testing is so much cheaper than delivering a non-functional unit. (Yes, this has been learned the hard way by companies that tested only the completed assembly and skipped early testing and testing at each stage of assembly. This may work for assembly lines, such as building thousands of cars, but in Aerospace, cutting corners by reducing testing does not seem to work. SpaceX may have regretted not testing its incoming struts, for example.)

    Finally, the unit gets to the spacecraft assembly plant, and is bench tested upon arrival. After assembly onto the spacecraft, it is tested along with all the other parts to verify that it still works and that it works with all the other parts. (My first mentor had to make a Faraday shield for an instrument we built, because the power supply made by another company radiated EM, even though the specification required that it not do so, and we had to make the corrective action, not the offending power supply manufacturer. No one found out until after an early test during spacecraft assembly and test. As I said earlier, the darnedest things can happen.)

    Then there are vibration tests, thermal vacuum tests, and RF range testing (in an anechoic chamber), often at the unit level as well as at the spacecraft level.

    One instrument I designed and built had some serious thermal issues. (I wasn’t the thermal engineer on it, and I never want to be one, as that job is especially difficult — thermal designs are tricky to implement successfully, which is probably why my laptops always run hotter than I think they should.) We had to run it through vibration and thermal testing several times, and this resulted in the revelation of an electrical problem that would have dramatically degraded the instrument’s performance on orbit. Not might have, but would have.

    Anyway, I don’t know what problem caused the Soyuz cable trouble, but I suspect that whatever caused it to be bent also caused a hidden (or unreported) problem with the insulation. As with Apollo 13’s oxygen tank, what seemed like a non-problem was in reality a big problem. Sometimes the reality of the situation is not obvious, and sometimes the engineer’s judgement is not the best. (Judgement was one of the criteria for performance reviews at one place I worked.)

    The end of the book “Apollo 13” (or “Lost Moon,” in hard cover) explains what happened to the oxygen tank. It also explains that there is a file full of problem reports that follows each major component and spacecraft during assembly and test. I have added many pages to many of these files, because — well — the darnedest things can happen while doing routine things. The important thing is to notice and report suspected problems as soon as possible, because at that time, any necessary repair is less expensive than it will be when it is found next week, when it is installed on the next assembly (as happened to me during that endless thermal problem — the program started threatening to launch the mass model instead of the instrument). Or next month, on the spacecraft (as is happening in Russia, with their Soyuz problem). Or next year, in space (as happened on Apollo 13).

  • What would happen if the same thing has happened in US? Decades of more and more and more investigation by NASA to make sure of “Absolute safety in space”! But for Russia? It’s a different story!

  • Edward

    Other than what I described as happening often in the US, we actually have history of what happens in the US when people get killed by these kinds of problems. It was a mere spark that caused the fire that killed the Apollo 1 crew. After that tragic accident, NASA stood down for about a year and a half while that and other potential problems were fixed. Similar stand-downs occurred after the Challenger and Columbia accidents.

    Russia does not need a similar investigation in this case, because the problem does not appear to be chronic but specific to this one assembly. The good news is that the problem became known during testing, which is the reason for testing. My conclusion is that the “story” is similar in both Russia and the US.

    Although we know that there is no such thing as absolute safety, we also know, for instance, that the US can fly thousands of large airliners every day for more than a decade without a passenger fatality, and that would have seemed impossible a quarter century ago.

    The tone of your comment sounds like you are upset, Aario. My comment above was not to suggest that Russians individually take safety and quality less seriously than anyone else, but that the culture and the processes that developed from that culture are less conducive to safety and quality than they may think. In the US, for instance, it took about a century for us to change our culture after we started seriously considering safety and quality as important. Despite having much better safety and quality, we continue to strive for improvement.

    We learned directly from incidents like the Titanic tragedy, in which several prominent Americans were lost, and from technologies such as trolleys, when in the 1940s we developed the “Presidential” design in order to incorporate safety standards. In the 1970s, our auto industry learned that quality should be job one, because without quality, other countries were eating the US’s lunch by emphasizing quality.

    Airplane accidents were also a major factor, because the US airlines realized that with the increasing air traffic, if nothing were done about the then level of safety and quality, there would be weekly airline accidents in the headlines, and they worked very hard to successfully reduce this problem, so that for almost 15 years, there have been no passenger fatalities in a major US airliner on American soil. (However, a foreign airliner killed three people a few years ago, not far from where I am writing this.) (7 minutes)

    As an example of what I believe is a cultural problem in Russia, they tend to pay their engineers and cosmonauts a bonus for completing experiments, which has encouraged some of them to continue on after the experiment has proved to be hazardous. Chernobyl is an example of the lead engineer breaking the rules on the number of rods that must be left in the pile, in order to get the restart experiment to finish. The collision of a Progress freighter with the MIR space station happened because the cosmonaut conducting that test also had financial incentive to complete the test despite the test being so difficult to control — and the previous Progress almost collided with MIR for the same reason.

    If the incentive to complete these tests had not been there, then these people most likely would have merely reported the problems with their tests so that corrections to procedures or hardware could be completed before the tests were attempted again.

  • Edward

    That should have read: “Despite having much better safety and quality than a century ago,”

Leave a Reply

Your email address will not be published. Required fields are marked *