Space Shuttle abort modes

A Space Shuttle abort was an emergency procedure due to equipment failure on NASA's Space Shuttle, most commonly during ascent. A main engine failure is a typical abort scenario. There are fewer abort options during reentry and descent. For example, the Columbia disaster happened during reentry, and there were no alternatives in that portion of flight.

Later in descent certain failures are survivable, although not usually classified as an abort. For example, a flight control system problem or multiple auxiliary power unit failure could make reaching a landing site impossible, thus requiring astronauts to bail out.

Ascent abort modes

There were five abort modes available during ascent, in addition to pad (RSLS) aborts. These were divided into the categories of intact aborts and contingency aborts.^[1] The choice of abort mode depended on how urgent the situation was, and what emergency landing site could be reached. The abort modes covered a wide range of potential problems, but the most commonly expected problem was Space Shuttle Main Engine (SSME) failure, causing inability either to cross the Atlantic or to achieve orbit, depending on timing and number of failed engines. Other possible non-engine failures possibly necessitating an abort included multiple auxiliary power unit (APU) failure, cabin leak, and external tank leak (ullage leak).

Redundant Set Launch Sequencer (RSLS) Abort

The main engines were ignited roughly 6.6 seconds before liftoff. From that point to ignition of the Solid Rocket Boosters at T - 0 seconds, the main engines could be shut down. This was called a "Redundant Set Launch Sequencer Abort", and happened five times, on STS-41-D, STS-51-F, STS-51, STS-55, and STS-68. It always happened under computer (not human) control, caused by computers sensing a problem with the main engines after starting but before the SRBs ignited. The SRBs could not be turned off once ignited, and afterwards the shuttle was committed to take off. If an event such as an SSME failure requiring an abort happened after SRB ignition, acting on the abort would have to wait until SRB burnout 123 seconds after launch. No abort options existed if that wait was not possible.^[2]

Intact abort modes

There were four intact abort modes for the Space Shuttle. Intact aborts were designed to provide a safe return of the orbiter to a planned landing site or to a lower orbit than planned for the mission.

Return To Launch Site (RTLS)

In a Return To Launch Site (RTLS) abort, the Shuttle would have continued downrange until the solid rocket boosters are jettisoned. It would then pitch around, so the SSMEs are firing retrograde. This maneuver would have occurred in a near vacuum above the appreciable atmosphere and was conceptually no different from the OMS engines firing retrograde to de-orbit. The main engines continue burning until downrange velocity is killed and the vehicle is headed back toward the launch site at sufficient velocity to reach a runway. Then the SSMEs are stopped, the external tank is jettisoned, and the orbiter makes a normal gliding landing on the runway at Kennedy Space Center about 25 minutes after lift-off. The CAPCOM calls out the point in the ascent at which an RTLS becomes no longer possible as "negative return", approximately four minutes after lift-off.

Should all 3 SSMEs have failed, the shuttle would not have been able to make it back to the runway at KSC, forcing the crew to bail-out. While this would have resulted in the loss of the Shuttle, the crew could escape safely and then be recovered by the SRB Recovery Ships.

This abort mode was never needed in the history of the Shuttle program.

Astronaut Mike Mullane referred to the RTLS abort as an "unnatural act of physics" in his book Riding Rockets.

Transoceanic Abort Landing (TAL)

A Transoceanic Abort Landing (TAL) involves landing at a predetermined location in Africa or western Europe about 25 to 30 minutes^[3] after lift-off. It is used when velocity, altitude and distance downrange do not allow return to the launch point via RTLS. It is also used when a less time-critical failure does not require the faster but possibly more stressful RTLS abort.

A TAL abort would be declared between roughly T+2:30 minutes (2 minutes, 30 seconds after liftoff) and Main Engine Cutoff (MECO), about T+8:30 minutes. The Shuttle would then land at a predesignated friendly airstrip in Europe. The four present TAL sites are Istres Air Base in France, Zaragoza or Morón air bases, both in Spain, and RAF Fairford in England. Prior to a Shuttle launch, two of them are selected depending on the flight plan, and staffed with standby personnel in case they are used. The list of TAL sites has changed over time; most recently Ben Guerir Air Base in Morocco (TAL site from July 1988–June 2002) was eliminated due to terrorist attack concerns. Other previous TAL sites have included Lajes Air Base, Terceira, Azores, Mallam Aminu Kano International Airport, Kano, Nigeria; Mataveri International Airport, Easter Island, Chile (for Vandenberg launches); Rota, Spain; Casablanca, Morocco; Banjul, Gambia; and Dakar, Senegal.

Preparations of TAL sites take 4–5 days and begin a week before a launch with the majority of NASA, DOD and contractor personnel arriving 48 hours before launch. Additionally two C-130 aircraft from the Manned Space Flight support office from the adjacent Patrick Air Force Base including 8 crew, nine pararescuemen, two flight surgeons, a nurse and medical technician, along with 2,500 pounds of medical equipment are deployed to the Zaragoza site, Istres site or both. One or more C-21 or a C-12 aircraft are also deployed to provide weather reconnaissance in the event of an abort with a TALCOM, or astronaut flight controller aboard for communications with the shuttle pilot and commander.^[3]

This abort mode was never needed during the history of the Shuttle program.

Abort Once Around (AOA)

An Abort Once Around (AOA) is available when the shuttle cannot reach a stable orbit but has sufficient velocity to circle the earth once and land, about 90 minutes after lift-off. The time window for using the AOA abort is very short – just a few seconds between the TAL and ATO abort opportunities. Therefore, taking this option would be very unlikely.

This abort mode was never needed during the history of the Shuttle program.

Abort to Orbit (ATO)

An Abort to Orbit (ATO) is available when the intended orbit cannot be reached but a lower stable orbit is possible. This occurred on mission STS-51-F, which continued despite the abort to a lower orbit. The Mission Control Center in Houston (located at Lyndon B. Johnson Space Center) observed an SSME failure and called "Challenger--Houston, Abort ATO. Abort ATO".

The moment at which an ATO becomes possible was referred to as the "press to ATO" moment. In an ATO situation, the spacecraft commander rotated the cockpit abort mode switch to the ATO position and depressed the abort push button. This initiated the flight control software routines which handled the abort. In the event of lost communications, the spacecraft commander could have made the abort decision and take action independently.

A hydrogen fuel leak in one of the SSMEs on STS-93 resulted in a slightly lower orbit than anticipated, but was not an ATO; if the leak had been more severe, it might have necessitated an ATO, RTLS, or TAL abort.

Emergency landing sites

Pre-determined emergency landing sites for the Orbiter were determined on a mission-by-mission basis according to the mission profile, weather and regional political situations. Emergency landing sites during the shuttle program included:^[4] ^[5]
Sites in which an Orbiter has landed are listed in Bold, but none are emergency landings.

Algeria

Aguenar – Hadj Bey Akhamok Airport, Tamanrasset

Australia

Bahamas

Lynden Pindling International Airport, Nassau

Bermuda

NAS Bermuda, St. David's Island

Canada^[7]

Germany

Greece

Souda Air Base, Souda Bay, Crete

Iceland

Keflavík International Airport, Keflavík

Ireland

Shannon International Airport, Shannon, County Clare

Liberia

Roberts International Airport, Monrovia (until 1989)

Portugal

Lajes Field, Lajes
Beja Airbase, Beja

Saudi Arabia

King Khalid International Airport, Riyadh

Spain

Somaliland (now Somalia)

Berbera Airport, Berbera^[9] (Inactive since 1991)

South Africa

South African Air Force Base Hoedspruit

Sweden

Arlanda Airport, Stockholm

Turkey

Esenboğa International Airport, Ankara

United Kingdom

RAF Brize Norton, Oxfordshire, England
RAF Fairford, Gloucestershire, England
RAF Machrihanish, Campbeltown, Scotland
RAF Mildenhall, Suffolk, England
RAF Upper Heyford, Oxfordshire, England (until 1993)
NAF Diego Garcia, British Indian Ocean Territory
Doncaster Airport, South Yorkshire, England

United States

Zaire (now the Democratic Republic of the Congo)

N'djili Airport, Kinshasa (until 1997)

Other locations

In the event of an emergency deorbit that would bring the Orbiter down in an area not within range of a designated emergency landing site, the Orbiter is theoretically capable of landing on any paved runway that is at least 3 km (9,800 ft) long, which includes the majority of large commercial airports. In practice, a US or allied military airfield would probably be preferred for reasons of security arrangements and minimizing the disruption of commercial air traffic.

Preferences

There is an order of preference for abort modes. ATO is the preferred abort option whenever possible. TAL is the preferred abort option if the vehicle has not yet reached a speed permitting the ATO option. AOA would only be used in the brief window between TAL and ATO options. RTLS results in the quickest landing of all abort options, but is considered the riskiest abort. Therefore it is selected only in cases where the developing emergency is so time-critical the other aborts aren't feasible, or in cases where the vehicle has insufficient energy to reach the other aborts.

Unlike all previous U.S. manned launch vehicles, the shuttle never flew unmanned test flights. To provide an incremental non-orbital manned test, NASA considered making the first mission an RTLS abort. However, STS-1 commander John Young declined, saying, "let's not practice Russian roulette."^[11]

Contingency aborts

Contingency aborts are designed to permit flight crew survival following more severe failures when an intact abort is not possible. A contingency abort would generally result in a ditch operation.

Were the Orbiter unable to reach a runway, it could ditch in water, or could land on terrain other than a landing site. It would be unlikely for the flight crew still on board to survive. However, for ascent abort scenarios where controlled gliding flight is achievable, a bailout is possible. For more details, see "Post-Challenger abort enhancements" below.

In the two disasters, things went wrong so fast that little could be done. In the case of Challenger, the Space Shuttle Solid Rocket Boosters were still burning as they tore free from the rest of the stack, one likely impacting the external tank. The orbiter disintegrated almost instantly from aerodynamic stresses as the stack broke up. The Columbia disaster occurred high in the atmosphere during reentry.

Post-Challenger abort enhancements

Before the Challenger disaster during STS-51-L, very limited ascent abort options existed. Failure of only a single SSME was survivable prior to about 350 seconds into the ascent. Two or three failed SSMEs prior to that point would mean loss of crew and vehicle (LOCV), since no bailout option existed. Two or three failed SSMEs while the SRBs are firing would probably have overstressed the struts attaching the orbiter to the external tank, causing vehicle breakup. For that reason, a Return To Launch Site (RTLS) abort was not possible in the event of two or three failed SSMEs. Studies showed an ocean ditching was not survivable. Furthermore, the loss of a second or third SSME at almost any time during an RTLS abort would have caused a LOCV.

After the loss of Challenger in STS-51-L, numerous abort enhancements were added. With those enhancements, the loss of two SSMEs was now survivable for the crew throughout the entire ascent, and the vehicle could survive and land for large portions of the ascent. Loss of three SSMEs was survivable for the crew for most of the ascent, although survival in the event of three failed SSMEs before T+90 seconds is questionable. However, it is conceivable that failure of three SSMEs just after liftoff might be survivable, since the SRBs provide enough thrust and steering authority to continue the ascent until a bailout or RTLS. The struts attaching the orbiter to the external tank were strengthened to better endure a multiple SSME failure.

A particular significant enhancement was bailout capability. This is not ejection as with a fighter plane, but an Inflight Crew Escape System^[12] (ICES). The vehicle is put in a stable glide on autopilot, the hatch is blown, and the crew slides out a pole to clear the orbiter's left wing. They would then parachute to earth or the sea. While this may at first appear only usable under rare conditions, there are many failure modes where reaching an emergency landing site is not possible yet the vehicle is still intact and under control. Before the Challenger disaster, this almost happened on STS-51-F, when a single SSME failed at about T+345 seconds. The orbiter in that case was also Challenger. A second SSME almost failed due to a spurious temperature reading; fortunately the engine shutdown was inhibited by a quick-thinking flight controller. If the second SSME failed within about 69 seconds of the first, there would have been insufficient energy to cross the Atlantic. Without bailout capability the entire crew would be lost. After the loss of Challenger, those types of failures have been made survivable. To facilitate high altitude bailouts, the crew now wears Advanced Crew Escape Suits during ascent and descent. Before the Challenger disaster, crews for operational missions wore only fabric flight suits.

Another post-Challenger enhancement was the addition of East Coast Abort Landings (ECAL). High-inclination launches (including all ISS missions) can now reach an emergency runway on the East Coast of the United States under certain conditions.

An ECAL abort is similar to RTLS, but instead of landing at the Kennedy Space Center, the Orbiter would attempt to land at another site along the east coast of North America. Various emergency landing sites extend from South Carolina and Bermuda up into Newfoundland, Canada. ECAL is a contingency abort that is less desirable than an intact abort, primarily because there is so little time to choose the landing site and prepare for the Orbiter's arrival. The ECAL emergency sites are not as well equipped to accommodate an Orbiter landing.^[13]

Numerous other abort refinements were added, mainly involving improved software for managing vehicle energy in various abort scenarios. These enable a greater chance of reaching an emergency runway for various SSME failure scenarios.

Ejection escape systems

An ejection escape system, sometimes called a launch escape system, has been discussed many times for the shuttle. After the Challenger and Columbia losses, great interest was expressed in this. All previous US manned space vehicles had launch escape systems, although none were ever used.

Ejection seat

Modified Lockheed SR-71 ejection seats were installed on the first four shuttle flights (all two-man missions aboard Columbia) and removed afterward. Ejection seats were not further developed for the shuttle for several reasons:

Very difficult to eject seven crew members when three or four are on the middeck (roughly the center of the forward fuselage), surrounded by substantial vehicle structure.
Limited ejection envelope. Ejection seats only work up to about 3,400 mph (2,692 knots) and 130,000 feet (39,624 m). That constitutes a very limited portion of the shuttle's operating envelope, about the first 100 seconds of the 510 seconds powered ascent.
No help during Columbia-type reentry accident. Ejecting during an atmospheric reentry accident would be fatal due to the high temperatures and wind blast at high Mach speeds.

The Soviet shuttle Buran was planned to be fitted with the crew emergency escape system, which would have included K-36RB (K-36M-11F35) seats and the "Strizh" full-pressure suit, qualified for altitudes up to 30,000 m and speeds up to Mach 3.^[14] Buran flew only once in fully automated mode without a crew, thus the seats were never installed and were never tested in real human space flight.

Ejection capsule

An alternative to ejection seats is an escape crew capsule or cabin escape system where the crew ejects in protective capsules, or the entire cabin is ejected. Such systems have been used on several military aircraft. The B-58 Hustler and XB-70 Valkyrie used capsule ejection. The General Dynamics F-111 and early prototypes of the Rockwell B-1 bomber used cabin ejection.

Like ejection seats, capsule ejection for the shuttle would be difficult because no easy way exists to exit the vehicle. Several crewmembers sit in the middeck, surrounded by substantial vehicle structure.

Cabin ejection would work for a much larger portion of the flight envelope than ejection seats, as the crew would be protected from temperature, wind blast, and lack of oxygen or vacuum. In theory an ejection cabin could be designed to withstand reentry, although that would entail additional cost, weight and complexity. Cabin ejection was not pursued for several reasons:

Major modifications required to shuttle, likely taking several years. During much of the period the vehicle would be unavailable.
Cabin ejection systems are heavy, thus incurring a significant payload penalty.
Cabin ejection systems are much more complex than ejection seats. They require devices to cut cables and conduits connecting the cabin and fuselage. The cabin must have aerodynamic stabilization devices to avoid tumbling after ejection. The large cabin weight mandates a very large parachute, with a more complex extraction sequence. Air bags must deploy beneath the cabin to cushion impact or provide flotation. To make on-the-pad ejections feasible, the separation rockets would have to be quite large. In short, many complex things must happen in a specific timed sequence for cabin ejection to be successful, and in a situation where the vehicle might be disintegrating. If the airframe twisted or warped, thus preventing cabin separation, or debris damaged the landing airbags, stabilization, or any other cabin system, the occupants would likely not survive.
Added risk due to many large pyrotechnic devices. Even if not needed, the many explosive devices needed to separate the cabin entail some risk of premature or uncommanded detonation.
Cabin ejection is much more difficult, expensive and risky to retrofit on a vehicle not initially designed for it. If the shuttle was initially designed with a cabin escape system, that might have been more feasible.
Cabin/capsule ejection systems have a patchy success record, likely because of the complexity.

Space Shuttle Abort History^[15]

Date	Orbiter	Mission	Type of Abort	Time of Abort	Description
1984-06-26	Discovery	STS-41-D	RSLS	T-3 seconds	Sluggish valve detected in Space shuttle main engine (SSME) #3. Discovery rolled back to VAB for replacement engine.
1985-07-12	Challenger	STS-51-F	RSLS	T-3 seconds	Coolant valve problem with SSME #2. Valve was replaced on launch pad.
1985-07-29	Challenger	STS-51-F	ATO	T+5 minutes, 45 seconds	Sensor problem shutdown SSME #1. Mission continued in lower than planned orbit.
1993-03-22	Columbia	STS-55	RSLS	T-3 seconds	Problem with purge pressure readings in the oxidizer preburner on SSME #2. All engines replaced on pad.
1993-08-12	Discovery	STS-51	RSLS	T-3 seconds	Sensor that monitors flow of hydrogen fuel in SSME #2 failed. All engines replaced on launch pad.
1994-08-18	Endeavour	STS-68	RSLS	T-1.9 seconds	Sensor detected higher than acceptable readings of the discharge temperature of the high pressure oxidizer turbopump in SSME #3. Endeavour rolled back to VAB to replace all 3 engines. A test firing at Stennis Space Center confirmed a drift in the fuel flow meter which resulted in a slower start in the engine which caused the higher temperatures.

References

^ "Shuttle Abort Modes". Shuttle Reference and Data. NASA. Retrieved 2006-12-09.
^ NASA - Mission Profile
^ ^a ^b "Space Shuttle Transoceanic Abort Landing (TAL) Sites" (PDF). National Aeronautics and Space Administration. December 2006. Retrieved 2009-07-01.
^ Dennis R. Jenkins (2001). Space shuttle: the history of the National Space Transportation System : the first 100 missions.
^ Worldwide Shuttle Landing Site information
^ Kerrie Dougherty and Matthew L. James (1993). Space Australia: the story of Australia's involvement in space. Powerhouse.
^ "NASA SPACE SHUTTLE EMERGENCY LANDING SITE CONTINGENCY PLAN" (PDF). Transport Canada.
^ "France to assist NASA with the future launches of the Space Shuttle". Retrieved 2009-08-27.
^ "Somaliland's missing identity". BBC. 5 May 2005.
^ "NASA Names North Carolina Airport Emergency Landing Site for Shuttle". Retrieved 2009-01-17.
^ "Astronauts in Danger". Popular Mechanics. 2000. Retrieved 2006-12-09. {{cite web}}: Unknown parameter |month= ignored (help)
^ spaceflight.nasa.gov
^ aerospaceweb.org
^ "Emergency escape systems of RD&PE Zvezda".
^ nasa.gov

External links

volume 1, chapter 9 of the Rogers commission report

[presskit-1] "Shuttle Abort Modes". Shuttle Reference and Data. NASA. Retrieved 2006-12-09.

[2] NASA - Mission Profile

[FS-2006-01-004-KSC-3] "Space Shuttle Transoceanic Abort Landing (TAL) Sites" (PDF). National Aeronautics and Space Administration. December 2006. Retrieved 2009-07-01.

[4] Dennis R. Jenkins (2001). Space shuttle: the history of the National Space Transportation System : the first 100 missions.

[5] Worldwide Shuttle Landing Site information

[6] Kerrie Dougherty and Matthew L. James (1993). Space Australia: the story of Australia's involvement in space. Powerhouse.

[7] "NASA SPACE SHUTTLE EMERGENCY LANDING SITE CONTINGENCY PLAN" (PDF). Transport Canada.

[8] "France to assist NASA with the future launches of the Space Shuttle". Retrieved 2009-08-27.

[9] "Somaliland's missing identity". BBC. 5 May 2005.

[10] "NASA Names North Carolina Airport Emergency Landing Site for Shuttle". Retrieved 2009-01-17.

[popmech-11] "Astronauts in Danger". Popular Mechanics. 2000. Retrieved 2006-12-09. {{cite web}}: Unknown parameter |month= ignored (help)

[12] spaceflight.nasa.gov

[13] rospaceweb.org

[14] "Emergency escape systems of RD&PE Zvezda".

[15] sa.gov

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

v t e Space Shuttle program
Space Shuttle List of missions List of crews
Components	Orbiter Solid Rocket Booster External tank Main engine Orbital Maneuvering System Reaction control system Thermal protection system Booster separation motor
Orbiters	Enterprise Columbia Challenger Discovery Atlantis Endeavour
Add-ons	Spacelab (ESA) Canadarm (CSA) Extended Duration Orbiter Remote Controlled Orbiter Spacehab Multi-Purpose Logistics Module
Sites	Launch Complex 39 A B Space Launch Complex 6 Landing sites Shuttle Landing Facility Abort landing sites
Operations and training	Missions (canceled) Crews Mission timeline Rollbacks Abort modes Rendezvous pitch maneuver Shuttle Mission Simulator Shuttle Training Aircraft
Testing	Inspiration (design) Pathfinder (simulator) MPTA (engine test article) Approach and Landing Tests
Disasters	Challenger disaster (report) Columbia disaster (report)
Support	Crawler-transporter Mate-Demate Device Mobile Launcher Platform NASA recovery ship Orbiter Processing Facility Shuttle Avionics Integration Laboratory (SAIL) Shuttle Carrier Aircraft flights Shuttle Training Aircraft STS-3xx
Special	Deutschland-1 Getaway Special Journalist in Space Project Teacher in Space Project Shuttle-Mir Hitchhiker
Space suits	Extravehicular Mobility Unit Shuttle Ejection Escape Suit Launch Entry Suit Advanced Crew Escape Suit
Experiments	Freestar experiments Inflatable Antenna Experiment Spartan Packet Radio Experiment Shuttle pallet satellite Wake Shield Facility
Derivatives	Saturn-Shuttle Magnum Shuttle-Derived Heavy Lift Launch Vehicle Jupiter Shuttle-C Shuttle-Centaur Ares I IV V Liberty Space Launch System OmegA
Replicas	Independence
Related	Space Shuttle design process studied designs Inertial Upper Stage Payload Assist Module International Space Station Criticism Retirement Conroy Virtus Hail Columbia (1982 documentary) The Dream Is Alive (1985 documentary) Challenger (1990 film) Destiny in Space (1994 documentary) Columbia: The Tragic Loss (2004 documentary) Hubble (2010 documentary) The Challenger Disaster (2013 film) Challenger: The Final Flight (2020 documentary miniseries) Space Shuttle America Rendezvous: A Space Shuttle Simulation Space Shuttle Project Shuttle Space Shuttle: A Journey into Space Space Shuttle Mission 2007 Orbiter Space Flight Simulator When We Left Earth: The NASA Missions