Space Safety is No Accident

The space debris issue was not immediately identified in the beginnings of the space conquest: the main risks seemed to come from meteorites. The early returns of spacecraft on Earth revealed small size impacts by non-natural particles. The link was quickly established with several in-orbit explosions of launcher upper stages that generated these objects. Under NASA leadership the first passivation measures have successfully been applied to deal with this situation. This led to the NASA standard containing the first preventive measures.

For its part, Europe began to implement mitigation measures as early as 1983 when performing the end of life operations of the Symphonie A and B satellites, and was later faced with the in-orbit explosion of an Ariane upper stage in 1986. This situation pushed the CNES to develop its own standard on space debris derived from the NASA standard. The work in this context was then extended to the main European partners: 5 space agencies, ASI, BNSC, CNES, DLR and ESA formed a working group to develop the technical content of preventive measures. After extensive discussions this work finally resulted in the publication of the EDMS (European Debris Mitigation Standard) and later of the CoC (Code of Conduct on space debris mitigation) in 2004.

In 1993 the debris subject became truly international with the establishment of the IADC (Inter Agency Space Debris Coordination Committee) and with the start of activities in the frame of the United Nations Scientific and Technical Subcommittee of the COPUOS (Committee on Peaceful Uses of Outer Space). Two major documents have materialized this work: in 2002 the IADC Mitigation Guidelines were published and the high level principles of COPUOS in 2007. These documents are still the technical and political bases of all regulations. In parallel, the ISO has developed, with strong involvement of European partners, a set of detailed standards on space debris to facilitate their application by manufacturers and operators.

These measures have initially been applied on a voluntary basis by space agencies and by some operators. However, according to the Treaties of the United Nations, States are responsible for activities conducted in space by their operators. This led to the establishment of national regulatory regimes in some countries as the licensing systems in the U.S and in UK or the Space Operations Act in France.

Space is more and more prone to accidents involving obsolete orbital objects. Examples are: July 1996: Cerise satellite lost due to a collision with a former Ariane tank fragment February 2009: Cosmos 2251 and Iridium 33 destroyed by collision, creating 1100 new catalogued debris objects.

Space debris has become a serious problem for the safe operations of spacecraft in low Earth orbit. Attempts such as improving trajectory predictions of non-functional objects in space, guidelines for safer launches nowadays, and an implementation of post-mission disposal however will not stop the growth in debris numbers. One solution for mitigation is therefore the realization of removal missions.Due to space debris being an issue for all space faring nations, this paper introduces an exemplary removal mission for 5 Russian SL-8 rocket bodies at an inclination of 83

∘

orbiting at an altitude of 970 km - an area crowded with space debris and thus involving a high collision risk.The mission draft presented is based on a main satellite (

Au

tonomous

De

bris

Re

moval

S

atellite - ADReS-A) and - according to the number of targets - 5 de-orbit kits. The idea presented includes a parking orbit close to the targets positions, into which the set-up is launched. While the kits are equipped with a de-orbit thruster, the task of ADReS-A is, to approach the uncooperative target, berth it, stabilize the compound system and attach the de-orbit kit onto the target. The main satellite will take each de-orbit kit separately to the individual targets, shuttling between the parking orbit and the target orbits.A prospect addressing the highly critical situations resulting from the interaction with an uncooperative target is given towards the end of the paper with a preliminary design for a decision process for autonomy.

This paper describes the activities performed by Aviospace in the frame of CADET (CApture and DE-orbiting Technologies) R&T project, whose objective is the preliminary development of enabling technologies required for Active Debris Removal from LEO orbits. The project focuses in particular in-space capture concepts for large space debris, such as upper stages of elderly launchers or decommissioned satellites. For these, a non-collaborative rendez-vous and capture procedure, to be performed by a robotic spacecraft (namely “chaser”), is required.

Such enabling technologies include:

techniques for orbital recognition of the target debris, based on images obtained in-situ by the chaser spacecraft via optical sensors

technologies of autonomous guidance, navigation and control for phases of close rendez-vous, final approach and capture

technologies, strategies and concepts for target capture and solidarization

For such technologies, current level of development – at least on the national scenario - is TRL 2 and it is planned to reach of TRL 4 through the development of an integrated demonstrator and the associated test setup to be adopted for functional validation.

CADET project started in January 2013; it is co-funded by Regione Piemonte according to: POR FESR 2007/2013 – linea di attività I.1.1. “Piattaforme innovative” – AEROSPAZIO FASE II.

Current protection techniques leave spacecraft vulnerable to objects between approximately 1 and 10 cm. This paper summarizes the conceptual design of a space vehicle with the objective of shielding spacecraft from objects in this range of sizes, which was made to study the feasibility of such a method for spacecraft protection. The design was divided into three stages: first, using SPH simulations, a multi-layer shield capable of defeating large projectiles was designed; next, a deployment mechanism that allowed the shield to be stored compactly for launch was designed and analyzed using a vector-based kinematics and dynamics method; finally, a general design of the service module was made. The final design has feasible dimensions for a spacecraft to be placed in Low Earth Orbit (LEO) and consists of an eight-layer shield with an umbrella-inspired deployment mechanism.

Many innovative, radical and respectable space debris remediation ideas are being proposed these days. Most of them are under constant development and many others have been taken up by space research organizations of different countries. But a good number of methods still suffer from technical and or financial imperfections. Space debris is a problem that hasn’t yet been contemplated by many countries. The Kessler Syndrome makes the situation even more serious for the ongoing space operations and manned activities in the Low Earth Orbit (LEO). This paper discusses major unconventional methods that are being taken into account by many concerned space institutes, professionals and students. The difficulties which these ideas face are discussed in this paper. A new concept of space debris removal, Deorbiting Cylindrical Orbiter (DeCOrb), is introduced along with its potential design and ability to take versatile forms.

In the framework of the French Space Operations Act (FSOA) [1-2], it is now necessary to take into account the orbit lifetime of the satellites, in particular for the Low Earth Orbits (LEO), whose population is increasing. But after 2020, it will be mandatory to foresee a controlled re-entry, except if it is actually unfeasible. Currently, only few spacecraft, like the ATV (Automatic Transfer Vehicle), is able to perform such de-orbit manoeuvres for a controlled re-entry. For more classical satellites, such manoeuvres will imply a too important amount of propellant. Thus, it could be interesting to analyse de-orbit strategies with low-thrusts provided by an electric propulsive system. Indeed, even though these low-thrusts do not allow to bring the satellite on a directly re-entering orbit, it may be envisaged to position the spacecraft on an orbit whose altitude is low enough to be able to predict its re-entry within some hours, therefore limiting the debris fallout zone to a small number of orbit ground-tracks, chosen in order to decrease the risk on ground for human population.

Space debris has been steadily increasing. Cascading effect caused by the collision between the objects would worsen the situation further. To ensure the safety of future space activities, aggressive measures to reduce debris is needed. Since density of debris in the region of 800 km to 1500 km altitude is particularly high, the occurrence of cascade event can be a major obstacle for activities in Low Earth Orbit (LEO). To avoid this situation, JAXA is investigating a service system to capture a defunct satellite or rocket bodies, and remove them from this "crowded" orbit to waste orbit. JAXA is developing Electro Dynamic Tether (EDT) experiment system for on-orbit demonstration as a propulsion system. This paper presents system design, development status, demonstration plan, safety consideration to the ISS and reentry of EDT experiment system.

For decades, space faring nations and private organizations have underestimated the fact that orbital space is a limited resource. A sustainable development of space activities will only be possible if space users will implement technologies and practices suitable to avoid the accumulation of objects in orbit. Until then, objects will accumulate as long as the rate of launches is higher than the rate at which objects are removed by natural forces. Currently, the increasing population of defunct satellites and other man-made debris in orbital space is getting in the focus of legislators, agencies and industry.

A dedicated decommissioning device with solid propellant propulsion system to be installed on satellites before launch would allow a safe and quick decommissioning of a spacecraft before it impacts with other objects and is fragmented in small debris.

D-Orbit proposes a system based on solid propellant technology with the following features:

works even if the satellite is malfunctioning;

compliant with ESA and NASA standards;

single point of failure free (except for the motor),

reliable for the entire life of the satellite;

scalable and therefore adaptable to different missions

This paper shows the benefits that a dedicated decommissioning device would bring to the sustainability of space activities. Its adoption will allow a permanent, sustainable utilization model for orbital space, thereby enhancing a safe access to space for the future.

The authors show the requirements applicable to the design and use of such a device focusing on safety and suggesting the technical measures for their implementation.

The issue of radio frequency in outer space is a very pertinent one, due to the plethora of satellites operating and about to operate in the outer space. Thus, the possibility of interference of this form is getting higher by the day. ITU regulations and International law may be sought recourse to in such matters. This article address this issue based on three aspects in the legal regime on frequency interference, viz., (a) the governing legal framework; (b) the challenges in current legal regime; (c) the proposed solutions and promotions to current legal regime.

The Aerospace Corporation (Aerospace) conducts extensive space safety activities as a part of its overall mission assurance responsibilities. This paper spotlights safety insights gleaned by Aerospace from past space mishaps. It also explains how Aerospace conducts cross-program analysis, extracts lessons, codifies best practices, and shares its broad knowledge base across the space community.

As space exploration advances towards the planetary bodies in the Solar system, the issue of contamination and its impact on the search for life becomes more important. Scientific categorization concepts such as the Plausibility of Life (POL) rating only describe the likelihood of finding conditions suitable for the formation of life on celestial bodies not taking contamination issues into account, while other policy-driven categorizations such as the Committee on Space Research (COSPAR) and their Planetary Protection Policy mainly focus on aiming to avoid the “harmful contamination” to Earth and other celestial bodies, without thinking of the plausibility of life.

The aim of this paper is to combine the POL categories with the Planetary Protection Policy categories to establish a Planetary Protection Index (PPI). The PPI specifies the type and strictness of the protection for each celestial body under different mission conditions as well as taking into account contamination issues.

During his famous speech before Congress on 25 May 1961, President John F. Kennedy said "

I believe that this nation should commit itself to achieving the goal, before this decade is out, of landing a man on the moon and returning him safely to the earth

.” During that speech he put a goal before the space community that was both exciting and nearly impossible. The fact that we were able to send men to the moon and bring them back safely was a combination of hard work and extremely good luck. Just the act of getting men off the Earth and into space is one of the most dangerous undertakings ever attempted and for the foreseeable future will not be “safe”.

The JSC 20793, “Crewed Space Vehicle Battery Safety Requirements” was updated recently based on lessons learned in the past decade. Lessons learned were from field experiences and tests carried out by the various NASA Centers, other government agencies, as well as the aerospace industry. This paper will describe the changes made to the battery safety requirements document.

Lithium-ion cells have the highest energy density of the rechargeable cell chemistries in the commercial market. However, associated with this high energy density is also a very high propensity for these batteries to go into a thermal runaway under off-nominal events and abusive conditions. Past studies have indicated that the consequence of an off-nominal condition depends on the state-of-charge (SOC) of the cells. The current study was undertaken to test the cells under various states of charge (depths of discharge) to understand the safety tolerance of the cells at the different capacity levels.

Traditional non-maintainable life supporting systems of manned spacecraft limit the utilization time to a minimum. Conversely, the International Space Station (ISS) represents an adequate environment for the maintainable life supporting systems.

The hardware of the orbital Columbus laboratory consist of on-orbit maintainable equipment with a design life of 10 years and non-maintainable items designed to allow utilization time of 15 years before reaching the end of life.

The life extension is one further step within the continuous evolution of the life support systems also of regenerable nature, mandatory for long duration missions, without relying on spare supplies from earth.

The paper reflects the safety considerations that were made for the Columbus module, focusing on TCS and ECLSS subsystems, and describes the process through which the lifetime extension of Columbus was achieved.

After several years of operating the International Space Station, a growing tendency for usage of commercially available hardware items can be noticed. The challenge for certifying the safe operation on-board the ISS leads to the need for changing also some safety requirements.

This paper analyzes the historic basis for the safety requirements that were used for the development of the Station, its systems and payloads, e.g. due to the limited information on environmental effects over extended durations. It evaluates the current situation of safety requirement changes or safety requirement interpretation changes in the international environment based on factors like onboard experience and better understanding of the environment which can lead to relaxation of safety requirements. But also the challenges are highlighted, as any system is as strong as the weakest leg. Special attention should be taken to not stop to worry, especially if it is not traceable why the original requirement has been defined in the first place.

Some elements for improved safety requirement - definition, - background traceability and - changes for future programs for complex and long operated on-board systems are proposed to reduce reactive adoptions via safety NCRs, waivers or operational workarounds.

Results of recent and current active magnetic shielding studies for manned space missions are presented. The proposed shielding configurations are based on high temperature superconductors. The mass estimates of the coils and supporting structure of the engineering designs are based on the current and expected near-future performance of the superconducting materials. In each case, the shield performance, in terms of dose reduction, is provided by a 3-dimensional Monte Carlo simulation, which treats in detail the electromagnetic and hadronic interactions of the galactic-cosmic rays, and the secondary particles they produce in the materials of the shield and spacecraft.

The certification of Flight Safety Officers at the Guiana Space Center requires a repetition of training exercises during which various failure scenarios are simulated. For each of them, the team decides in real time to abort the mission if required when precise conditions are met.

Due to the arrival at the CSG of the new launchers Soyuz and Vega and to the associated increased launch rate, the need to perform these trainings on a dedicated, realistic and easily configurable environment appeared. For this purpose, a training platform called EMUL was developed and is used at the CSG since April 2014.

After a brief recall of flight safety operations and of the training process of Flight Safety Officers at the CSG, this paper presents the main features and the architecture of this “flight safety simulator” and provides preliminary feedbacks and perspectives for further developments.

The paper will present the use of Hydrogen Peroxide in the Soyuz launcher ST version that since 2011 entered into service at Guiana Space Centre. In this paper at first the danger of the Hydrogen Peroxide High Concentrated (PHHC) will be briefly presented together with what the international organisms and organizations recommend about its health effects on humans, after a description of the Soyuz ST exploitation in particular linked with PHHC task and its environment during the launcher campaign will be highlighted. The paper will demonstrate how the Russian and the European methods have well merged. A description of anomalies and difficulties met during the preparation of the first 9 flights will be provided. In conclusion, a safety evaluation and recommendations for further future space applications and exploitations will be presented.

The purpose of this study is to identify and examine the space launch vehicle failures recorded between January 2000-July 2014 and classify them according to four different methods to acquire improved understanding of underlying causes and trends of unmanned launch vehicle failures. In the first method, the failures are classified according to the phase of launch in which they occurred. The second method sorted the failures with respect to the malfunctioning subsystem. The third classification investigated the failure patterns and trends within launch vehicle families. Finally, the fourth classification aims to reveal the underlying causes of the failure. It is our hope that this study will help the space launch community to better understand the causes of space launch failures and to implement practices that will lead to safer and successful future launch activities.

The first Korean satellite launch vehicle, KSLV-I (Korea Space Launch Vehicle-I), was launched for its third flight test on Jan. 30, 2013. KARI (Korea Aerospace Research Institute) performed flight safety analyses prior to the flight in order to estimate the risk levels posed to the public quantitatively, and operated flight safety systems to cope with risky situations during flight. This paper describes the flight safety system operation, flight safety algorithm’s analysis results, and data processed in real-time during KSLV-I flight test.

Payloads launched from JAXA Launch Facilities must meet JAXA safety requirements. For one, payloads having liquid propulsion systems are required to have triple seals to prevent propellant leakage.

During the past several years, JAXA System Safety Review Panel (SSRP) responsible for safety of Expendable Launch Vehicle (ELV) payloads experienced several cases of violation against this requirement. The payloads which failed to comply with the triple seal requirement were developed by the payload organizations that have launch experiences from other launch facilities but not from JAXA’s. These payloads were developed according to other safety standards and had fewer seals.

This situation triggered JAXA to examine the criteria of acceptance. As one of the activities for this purpose, JAXA performed demonstration of propellant leakage to understand the phenomena. This paper reports the findings of this demonstration.

In this paper the Mexican Satellite Space Launch Center Failure Model and the Real Time System design are presented. Mexico has the fourth best place in the world to establish Space Platforms, where the reduced cost and geographical place is optimal to construct the Launch Center [24, 28]. This open the opportunity to design, build and launch Mexican geostationary Satellites from the Mexican Space Launch Center like other countries of the Space Community. This proposal was one of the papers presented during the Mexican Space Agency (AEM) Consultation Forums (2010-2011) however, the System design and Failure Analysis are presented on this paper. As Mexico has recently entered to the space community it is important that new designs of space systems are developed, proposed and formally described before being constructed.

The methodologies for designing the systems of the Mexican Satellite Space Launch Center are the Structured Analysis for Real Time (SA-RT), the software is carried out by the LACATRE Real Time Formal language; the System Failure Model is analyzed and proposed using Fault Trees. Some recent related work, the methodology for designing similar systems- has been presented during the 6th IAASS Conference in Montreal, Canada (2013), and throughout the Aerospace congress in Guadalajara México CYCYTA (2013). Also some related work had been presented during the International Mexican Aerospace Science and Technology Society (SOMECYTA) international congress held in San Luis Potosí, México (2012) and during the Mexican Space Consultation Forums (2010-2011). The Real Time Satellite Space Launch Center System design and Failure Model, is the first step to propose and construct the first Satellite Space Launch Center in México.

Blast Distant Focusing Overpressure (DFO) risk is one of the standard risks that are routinely analyzed and mitigated by Range Safety for Expendable Launch Vehicle (ELV) launches. The blast DFO risk, in terms of probability of casualty and casualty expectation, is calculated on the day of launch based on the prevailing meteorological conditions, and it is then compared against the pertinent launch commit criteria to determine the Range status, i.e. Green/Go vs. Red/No Go. While there are many inputs affect the blast DFO risk results, there is only one input that pertains to the launch vehicle itself. This input is called yield histogram. The yield histogram depends primarily on the launch vehicle configuration and contains information on the expected TNT equivalent yields and their respective probability of occurrence for different failure modes such as Malfunction Turns (MT), Loss-Of-Thrust (LOT), Catastrophic-On-Trajectory (COT), and Random Attitude (RA) failure modes. Typically, flight failures result in intact impacts of an entire launch vehicle, Flight Termination System (FTS) breakup, overpressure/explosion breakup, or aerodynamic breakup. With the exception of the intact impact response mode, other response modes are expected to violate at least one of the established mission limits that were designed to “trap” the launch vehicle when flying on an anomalous trajectory. These criteria are called trapping criteria. Examples of the standard trapping criteria are Present Position Azimuth Limits, Present Position Elevation Limits (destruct angles), Maximum Altitude, Minimum Altitude, Maximum Straight-Up Time, Q-Alpha Limit, and the Range Safety Officer (RSO) reaction time (used for trapping obviously erratic flights). Trapping criteria selection, development, and implementation require meticulousness, luculent understanding of the launch vehicle aerodynamics, awareness of the Range Safety implementation of mission rules, knowledge of the FTS, and cognizance of the launch vehicle propellant yield modeling. Since a more sever yield histogram translates to low launch availability, an accurate development of the yield histogram based on veridical trapping criteria should increase launch availability by eliminating undue conservatism and unnecessarily launch delays. This paper identifies the most significant trapping criteria, elucidates the interrelation between the trapping criteria and the severity of the yield histogram, and proves the direct effect of the trapping criteria on the yield histogram. Additionally, this paper will illustrate the notable parameters and assumptions that significantly affect the trapping criteria and the resultant breakup state vectors. Finally, recommendations will be offered to accurately develop yield histograms by selecting and implementing well-reasoned trapping criteria based on industry best practices to avoid overestimating or underestimating blast DFO risk.

Complex space, aeronautical and nuclear programs began to appear in the second part of the twentieth century and are associated with the emergence of sophisticated management and quality methods. The design, fabrication and operation of space systems, nuclear power plants and commercial aircraft require robust, high-performance quality systems. These quality systems are designed to achieve levels of quality which are in line with the criticality of every component (hardware or software). This involves risk analysis and hazard study techniques in particular. Based on this criticality assessment, suitable quality assurance plans are then defined and applied as each of these components are developed. Application of the policy has doubtlessly been a contributing factor to the impressive safety results achieved during the second half of the twentieth century, in areas such as nuclear safety, certification of transport aircraft and space launch safety regulations. However, applying these provisions has not prevented dramatic accidents from occurring on proven systems: the two space shuttle accidents and the failure of a Proton-M rocket in July 2013 are alarming examples that remind us that conformance is not a one-size-fits-all solution to every problem.

In 2010, NASA established the Commercial Crew Program in order to provide human access to the International Space Station and low earth orbit via the commercial (non-governmental) sector. A particular challenge to NASA is how to determine the commercial provider’s transportation system complies with Programmatic safety requirements while at the same time allowing the provider the flexibility to demonstrate compliance through alternate standards and methods.

Although well-established and used countless times successfully in support of certifying many different aircraft, there are still aspects of the safety assessment process commonly used in aviation which can be improved.

A lot of the methodology and the techniques used in aviation safety are applicable to other industries, including space. This paper highlights the good, the bad and the ugly of aviation safety based on the authors’ experience and makes proposals for lessons learned, the principles of which, can be read across to any domain. The complexity of today’s aviation programs is increasing, with the greater reliance on software and complex electronics and the greater number of work-sharing partners.

This means it is more important than ever before to take a pro-active approach and review the now-traditional safety assessment techniques / methods in order to maximize confidence, effectiveness and efficiency.

The International Association for the Advancement of Space Safety (IAASS) Suborbital Safety Technical Committee (SS TC) is represented by 20 individuals from Suborbital companies and IAASS members with related expertise, as well as ‘listening’ members from regulatory authorities/agencies. The SS TC has been working on safety guidelines to address the various ‘gaps’ and issues for the emerging Suborbital Industry. At the 6

th

IAASS Conference the SS TC presented the initial set of draft guidelines. These were ratified at a workshop in January 2013 and were produces as Issue 1 of the SS TC’s Guidance Manual. Since then the TC members have continued to work on the agreed next set of guidelines and these included: framework for suborbital vertical launch vehicles, suborbital survival systems & equipment, safety guidelines for hybrid propulsion systems, integration of suborbital flights into the Air Traffic Management System, suborbital pressure vessels and suborbital software/hardware requirements definition. This paper presents a summary of the Guidance Manual at (Draft) Issue 2.

Despite the NASA X-15 program’s outstanding success in developing and operating the first manned hypersonic research platform, the program suffered a fatal accident on November 15, 1967, when X-15-3, the only aircraft outfitted with advanced pilot displays and an adaptive flight control system, was lost after entering uncontrolled flight at an altitude of 230,000 feet and a velocity near Mach 5. The pilot, Major Michael J. Adams, was incapacitated by the aircraft accelerations and was killed either during the ensuing breakup or upon ground impact.

A comprehensive systems-level analysis of the accident is presented with a focus on the electrical power, flight control, and instrumentation failures that affected not only the vehicle dynamics but substantially impacted the pilot decisions that led to an inevitable loss of control. Recent analysis has yielded new conclusions about the reasons for the control system’s anomalous behavior and the system-level interactions and human-machine interface design oversights that led to the accident.

On August 27, 2014, the U.S. Federal Aviation Administration issued a document entitled “Recommended Practices for Human Space Flight Occupant Safety.” This paper discusses the approach the FAA used to develop the Recommended Practices document, the document’s scope and organization, some key concepts in the document, and some notable omissions. Lastly, the paper will discuss next steps.

The X-15 was a critical research vehicle in the early days of space flight. On November 15, 1967, the X-15-3 suffered an in-flight breakup. It was the 191st flight of the X-15 and the 65th flight of this third configuration (X-15-3). It was the only fatal accident of the X-15 program. This paper presents an analysis, from a human factors perspective, of the events that led up to the accident. The analysis is based on the information contained in the report of the Air Force-NASA Accident Investigation Board (AIB) dated January 1968. Although the X-15 accident occurred in 1967, the results of the presented analysis are as relevant today as they were 47 years ago. We present the main points of our analysis and discuss their implications for the safety of space operations.

A human factors team was tasked with assessing best practices for developing a crewed space vehicle that is both reliable and robust. The team identified two broad dimensions of human factors relevant to reliability and robustness, namely, the attributes of the product, and the processes used to develop the product. The “product” includes hardware, software, documentation, training systems, and procedures throughout all phases of the system life, including construction, testing, operation and maintenance. Three key attributes of the product are the extent to which task demands are within human capabilities, the capacity of the system to cope with human error, and the ability of the system to make use of unique human capabilities during non-routine situations. The “process” dimension of human factors relates to the human systems engineering program that starts in the early stages of design, and continues throughout the life of the system. There are, of course, no guarantees that a formal consideration of human factors throughout the design process will identify all the relevant human issues. However, in the absence of such a consideration, problems are virtually assured.

Testing of hardware and training of astronauts in space analog environments have been performed since the beginning of the space age. In the frame of planetary exploration, the so called Analog Planetary Research (APR) can be defined as the study of flight hardware, operational constraints, procedures and planning strategies on Earth in an environment that resembles (partly or fully) the conditions of the targeted planetary body. The findings and lessons learned from APR missions can be analyzed regarding mission concept, risks and constraints and the overall mission efficiency prior to launching a real space mission.

Here we want to demonstrate that APR is not only crucial for the scientific mission success or the reduction of mission costs, but also represents a key factor for the safety of robotic or crewed planetary surface exploration missions.

The ways robots provide valuable assistance to humans is foreseen to undergo rapid evolution in the years to come. Humans and robots working side by side represent one of the untapped potential for increased efficiency and quality in our society. To realize this potential we argue that today’s safety and reliability standards need to be rethought. This also holds true for future space exploration activities.

This paper will present and discuss how the methodology of “crisis intervention and operability analysis” (CRIOP), originating in the petroleum sector can be tailored to address safety, human dependability and performance (efficiency) in spaceflight human-robot interaction (HRI). The applicability of CRIOP [1] and experience from related approaches for safety and reliability in human-technology/automation interactions will be discussed. The methodology aims to increase resilient qualities of HRI by framing the interactions in holistic context from concept design to operations and maintenance. Preliminary work with development and testing of this methodology in the Moonwalk project are presented. Moonwalk [2] project aims to develop and validate new methods for teamwork between humans and robots for future planetary exploration. Consideration of the challenges to develop universal check-list and scenario analysis methods for the high diversity of foreseeable robot-human interactions and complexity of robot technical safety are explored.

This paper explores the adaptation of the International Space Station (ISS) Human Behaviour & Performance (HBP) Competency Model as an observation and debriefing aid during simulations in the ground segment of space operations. The model is currently employed to set the objectives of HBP training for ISS operations, and to aid observation of HBP skills during European Simulations. However, the model also represents a useful potential blueprint to address HBP issues in uncrewed space operations that, like crewed contexts, involve distributed mission control teams in multilateral settings.

After outlining the model and its current use, we report on the applicability of the HBP Model categories into the operational simulation context for three operational centres, the European Astronaut Centre in conjunction with Columbus Control Centre, and the European Space Operations Centre. We highlight related practical aspects of observing simulations and suggest further work.

In the absence of short-term spaceflight opportunities, astronauts find themselves involved in long term flights as their first exposure to space operations, within multicultural crews with which they have rarely spent more than a few consecutive hours together. This has prompted space agencies to identify opportunities for terrestrial analogue training events which foster expeditionary behavior and increase operational safety and efficiency. These training events shall recreate situations that are spaceflight analogue in terms of perception of risk, crew composition, isolation, confinement and at the same time provide a real opportunity for spaceflight-like operations, science, equipment testing, and exploration, in preparation of future planetary endeavours.

In this paper we analyze the specific case of safety issues and progression techniques training in underground and underwater environments employed in terrestrial analogues for astronaut training (e.g. ESA CAVES), and the similarities and differences with extra vehicular activity operations, and how training for similar operations allows to instill a

modus operandi

that promotes safe and effective behavior.

Now that the NASA Commercial Crew Program (CCP) is beginning its full certification contract for crew transportation to the International Space Station (ISS), is it time for industry to embrace a minimum set of core safety attributes? Those attributes can then be evolved into an industry-led set of basic safety standards and requirements.

The handling of hazardous liquids is not only an issue of spacecraft processing. Also for Life Sciences experiments on the ISS this challenge is a typical task.

Airbus DS GmbH is currently developing the biochemical analyser "Immunolab" for the DLR to provide real-time state-of-the art biochemical analysis of biological samples on board of the ISS. This system uses similar functionalities like a clinical laboratory. This includes the handling of liquid reagents up to THL-2 for the pre-analytical steps of the samples and the kit compounds. The quantitative concentration measurements are done by an imaging fluorescence-microscope. The total instrument has a size of about two shoe-boxes and most of the operations procedures are automated.

Reliability assessments and their processes have been implemented only recently in complex aircraft programs. The authors, during their combined time working in the aviation industry, have developed a comprehensive Design for Reliability process.

In today’s new complex aircraft programs, reliability helps:

to lower the life cycle cost of the product,

to enhance aircraft/system availability,

to enhance the design for aftermarket services

to inherently improve safety through the improvement of the aircraft/system failure rate

and to increase customer satisfaction

The reliability assessment process on complex aircraft program, starts at the concept phase and supports the program throughout all its stages. A systematic reliability analysis of existing and future technical systems is a paramount precondition to lower the program risks and increase the operational efficiency of the system.

This paper makes recommendations to space applications based on reliability practices utilized on aircraft programs that have been certified in recent years.

The NASA Engineering and Safety Center (NESC) is an independent engineering analysis and test organization providing support across the range of NASA programs. In 2007 NASA was developing the launch escape system for the Orion spacecraft that was evolved from the traditional tower-configuration escape systems used for the historic Mercury and Apollo spacecraft. The NESC was tasked, as a programmatic risk-reduction effort, to develop and flight test an alternative to the Orion baseline escape-system concept. This project became known as the Max Launch Abort System (MLAS), named in honor of Maxime Faget, the developer of the original Mercury escape system. Over the course of approximately 2 years, the NESC performed conceptual and tradeoff analyses, designed and built full-scale flight test hardware, and conducted a successful flight test demonstration in July 2009. Since the flight test, the NESC has continued to further develop and refine the MLAS concept.

The space community is nowadays aware of the space debris problems. In particular, the collision avoidance is a subject that is more and more studied. Moreover, the specific problematic of collision avoidance during the launch phase of a spacecraft should be studied carefully because there are specific constraints to consider during this period. Since 2010, The Technical Regulation (TR) associated to the French Space Operations Act (FSOA) requires an analysis of the collision probability between all objects launched from Kourou and every inhabited object in space. The main goal of this requirement is to protect the orbital manpower from any debris or body recently injected in orbit that could not have been catalogued and integrated in classical avoidance maneuver preparation. CNES has developed a specific tool to compute such a collision risk analysis at launch. This tool is used since 2010 for every launch from Kourou and is able to indicate to the operator the period of the launch window to be forbidden to avoid any collision. This paper introduces this tool and an operational feedback of its utilization since 2010.

The sun emits electromagnetic waves as well as particles, i.e. electrons and protons, and the term space weather covers all phenomena and issues related to these radiations. Space weather in general affects technical systems and therefore it has to be monitored. As well as normal weather does, space weather shows regular, but sometimes irregular behaviour, and in particular the latter can lead to significant threats to technical systems. The principal mission of the German Space Situational Awareness Center (GSSAC) is to provide a recognized space picture, which comprises the detection, prediction and assessment of hazards coming from space for the safety of systems and operations. This definitely includes space weather, since it has an enormous impact on satellites, satellite’s subsystem functionality, communication and GPS. In this regard the ionosphere has a key role. The ionosphere represents the state and the behaviour of space weather in a suitable way. Surveying the ionosphere, modelling and forecasting are important subjects at GSSAC. Hence, this presentation deals with the GSSAC activities on space weather monitoring, where first of all observation methods and modelling approaches are considered.

The economic, social and strategic impact of space-based services for Europe is unique. Therefore, the use and exploitation of space infrastructure is a key element underpinning the implementation of the European Union’s policies, as specified in the Lisbon Treaty [0]. The development of a European Space Situational Awareness capability will increase the protection of European space assets and its relative services.

The European Union Satellite Centre [0], through the “Support to the developmenT of a European SSA caPability” (STEP) project, has addressed concrete SSA-SST data policy topics aimed at facilitating the elaboration on coordinated information exchanges, data handling processes, operational interfaces and best practices for the implementation of an SSA capability in Europe.

Around the Earth there are more than ten million objects larger than 1 mm that can interfere with other orbiting spacecraft. In particular, objects larger than 1 cm are considered massive enough to seriously damage or even destroy a satellite in case of collision. The traditional piece-by-piece approach to study the evolution of debris objects cannot be applied to small fragments their number is so large that the computational time would be prohibitive. This work proposes an alternative method based on the computation of the fragment density, whose evolution in time under the effect of atmospheric drag can be obtained with the continuity equation. The fragment density can then be used to evaluate the resulting collision probability. In particular, the proposed method is here applied to evaluate the consequence of some reference breakups on a list of target objects. In addition, the low computational time allows simulating many collision scenarios with different collision conditions to understand which parameters have the largest effect on the risk for other spacecraft.

With risks of collision and electromagnetic interference increasing, space system operators pressure each other to operate systems more responsibly. Initial statements of these obligations are embodied in the Treaty on Principles Governing the Activities of States in the Exploration and Use of Outer Space, Including the Moon and Other Celestial Bodies, 1967, (the “Outer Space Treaty”) to which all spacefaring States have acceded. Three key principles in Article IX of that treaty—Cooperation, Mutual Assistance and Due Regard—and its Affirmative Duty to Consult serve as important starting points to assure spacecraft safety and preserve the outer space environment. With nearly 60 years of experience, generational technological improvements, and evolved operator best practices, this paper examines how spsace operator "duty of care" obligations are evolving in response to increasing risks. The paper discusses best practices and attributes of systems that could satisfy such obligations, to include current and future space operations

.

This paper presents the capabilities of a Space-Based Space Surveillance (SBSS) demonstration mission for Space Surveillance and Tracking (SST) based on a micro-satellite platform. The results have been produced in the frame of ESA’s "Assessment Study for Space Based Space Surveillance Demonstration Mission" performed by the Airbus Defence and Space consortium.

The assessment of SBSS in an SST system architecture has shown that both an operational SBSS and also already a well-designed space-based demonstrator can provide substantial performance in terms of surveillance and tracking of beyond-LEO objects. Especially the early deployment of a demonstrator, possible by using standard equipment, could boost initial operating capability and create a self-maintained object catalogue. Furthermore, unique statistical information about small-size LEO debris (mm size) can be collected in-situ.

The paper presents details of the system concept, candidate micro-satellite platforms, the instrument design and performance.

For the purpose of performing safety analysis and risk assessment for a potential off-nominal atmospheric reentry resulting in vehicle breakup, a synthesis of trajectory propagation coupled with thermal analysis and the evaluation of node failure is required to predict the sequence of events, the timeline, and the progressive demise of spacecraft components. To provide this capability, the Simulation for Prediction of Entry Article Demise (SPEAD) analysis tool was developed. The software and methodology have been validated against actual flights, telemetry data, and validated software, and safety/risk analyses were performed for various programs using SPEAD. This report discusses the capabilities, modeling, validation, and application of the SPEAD analysis tool.

The implementation of the European Space Code of Conduct and French Space Operation Act raised a requirement to reduce the probability of casualty risk to below 1E-4 from uncontrolled re-entries over inhabited areas. Otherwise, the re-entry shall be controlled by end of life disposal manoeuvre to target safe areas at 2E-5 risk.

The recent game-changing to achieve compliance have been observed on new missions (SWOT, LOFT, METOP-SG…) being obliged to switch from uncontrolled to controlled re-entry strategy. Based on the experience gained working with its customer THALES ALENIA Space, ALTRAN Technologies has formed an internal working group on this topic: Orbital Debris Atmospheric Re-entry (ODAR) and focus on Design for Demise (D4D), Controlled Re-entry (ACR) and research on innovative solutions.

The intention of this paper is to summarise current state of art on both techniques in order provide guidelines and recommendations to help in the trade-off for this issue:

Design for Demise impacts on S/C systems

Controlled Re-entry impacts effects on S/C systems

Trade-Off on S/C Critical Mass and orbit mission

The objective of the Spacecraft Aerothermal Model (SAM) destructive re-entry code is to provide a tool for the early stages of satellite design which delivers an improved balance between fidelity and performance over existing object and spacecraft oriented algorithms. With an evaluation time measured in minutes for Monte Carlo studies it is rapid enough to use in interactive design studies; whilst the inclusion of a six-degree-of-freedom predictive fragmentation model represents a significant advance over existing object oriented algorithms. This paper outlines the capabilities in SAM, and demonstrates them using a Delta II re-entry test case, providing both a verification against other established re-entry codes and an indication of how SAM can enable improved understanding of the differences between the re-entry codes. This in turn delivers improved understanding of the sensitivities of casualty risk aiding design for demise.

The monitoring and the analysis of uncontrolled atmospheric re-entry of orbital objects is one of the major areas of operation for the German Space Situational Awareness Centre (GSSAC). In the context of its risk management activities, GSSAC conducts re-entry analyses for hazardous objects. The analysis ranges from long-term forecast of re-entry trajectories to 24/7 re-entry prediction campaigns, basing on the characteristics of the objects and taking space weather effects and their influences on the Earths atmospheres dynamics into account. According to the National chain of reporting, analysis in form of reports and warnings are passed to relevant authorities. This paper outlines the ratio for a re-entry trajectory analysis as part of national risk management, highlights the mathematical and physical background of re-entry analysis at the GSSAC, and gives brief insight of typical operational procedures within the frame of re-entry campaigns.

In order to meet the specific requirements of civil protection authorities, since 2003 a set of tailored products has been developed and applied in Italy to define, a few days ahead of re-entry and in wide areas of interest, risk zones and corresponding alert time windows in the event of an uncontrolled satellite decay leading to undue debris impact hazard on the ground and in the overlying airspace. Based on the general properties of re-entries from nearly circular decaying orbits, on the results of detailed fragmentation analyses, when available, on standard re-entry prediction outputs, on specific simulations of endo-atmospheric debris dynamics, and on the basics of orbital motion with respect to the Earth, accurate re-entry tracks over the region(s) of interest are determined, with sufficiently conservative ground safety swaths, accounting for the sources of cross-track debris dispersion, and associated risk time windows, depending on debris flight time dispersion and residual trajectory along-track uncertainties. With the approaching re-entry and the consequent shrinking of the global uncertainty window, some of the risk zones and time windows identified in advance can be progressively discarded, leaving at most, until the end, one re-entry opportunity, but more often none, over a region the size of Italy. These products are easy to understand and are timely, accurate, unambiguous and remarkably stable, all qualities that render them particularly suitable for civil protection applications.

Spacecraft are typified by complex geometries meaning that predictive tools designed to assess entry, break up and ground casualty risk are not naturally suited to high fidelity modelling treatments (e.g. the CFD and FE analysis which are prevalent in the assessment of entry vehicle design and performance). Simplifying assumptions are inevitable and the consequences of these simplifying assumptions need to be investigated and quantified.

The present paper is concerned with the effect of these simplifying assumptions on ground casualty risk. Specifically we report on work concerning: (i) a discussion and appraisal of some current aeroheating models as implemented in well-known tools (ii) proposed potential improvements to existing models and (iii) novel approaches to aeroheating engineering modelling.

These topics are investigated in the framework of the recently developed Spacecraft Aerothermal Model tool (SAM) which can be configured to calculate ground casualty risk using varying degrees of aerothermal and break up model complexity. This allows us to investigate the sensitivity of ground casualty risk to simplifying assumptions. Parameter studies performed so far have highlighted the sensitivity of ground casualty risk to the treatment of fragment aeroheating. SAM has the option to calculate the aeroheating to fragments taking the component size, orientation and shape into account. This goes beyond simple panel inclination methodologies in common use, but is nonetheless based on established engineering correlations. As far as the authors are aware, such a methodology is not currently used by any of the well-known spacecraft breakup tools. The consequence of this novel treatment of fragment heating is the main topic of the current paper.

This paper reports on the application of uncertainty quantification methods to the prediction of the survivability of satellites re-entering the Earth atmosphere. Aleatory as well as epistemic parameters were varied. Parametric variation, Monte-Carlo, and Polynomial chaos expansion methods were applied. The re-entry code used was SCARAB. For the uncertainty quantification analysis this code was coupled with the DAKOTA software. Two satellites were modelled: a 2U CubeSat, representing the class of very light spececraft to study the demise characteristics, and a generic test satellite representing the class of medium-sized spacecraft, to study the ground impact uncertainty.

The CubeSat form factor of nano-satellite (a satellite with a mass between one and ten kilograms), has grown in popularity due to its ease of construction and low development and launch costs. In particular, its use as a student-led payload design project has increased due to the growing number of launch opportunities. Increasingly, CubeSats are deployed as secondary or tertiary payloads on U.S. commercial launch vehicles or from the International Space Station (ISS). The focus of this study will be on CubeSats launched from the ISS.

From a space safety standpoint, the development and deployment processes for CubeSats differ significantly from those of most satellites. For large satellites, extensive design reviews and documentation are completed, including assessing requirements associated with re-entry survivability. Typical CubeSat missions selected for ISS deployment have a less rigorous review process that may not evaluate aspects beyond overall design feasibility. CubeSat design teams often do not have the resources to ensure their design is compliant with re-entry risk requirements.

An analysis examined methods to easily identify the maximum amount of a given material that can be used in the construction of a CubeSat without posing harm to persons on the ground. The results demonstrate there is not a general equation for determining the maximum amount of mass that can be used for a given material. It is possible, however, to set a limit based on the object’s heat of ablation that can be used to decide if reentry analysis is needed for an object. In addition, the specific limits found for a number of generic materials, used previously as benchmarking materials for re-entry survivability analysis tool comparison, will be discussed.

Terrorists and catastrophic accidents have focused public attention on risks to aircraft and the flying public. We fear the possibility of a normal flight suddenly turning into a fiery nightmare.

Recently, as part of the Space Safety community's growing interest in re-entry safety, the IAASS created an initiative to be able to assess and manage the risks to aircraft from re-entering space debris. The Chelyabinsk meteor explosion over Russia and the resulting extensive damage provided an impetus to extend the scope of the study to re-entering meteoroids. Subsequent investigations have shown that significant meteoroid entries occur more frequently than previously thought.

Figure 1

Annual cumulative meteorite flux [16]

With any hazardous condition, the first approach is always containment, separation of the threat from people and assets that may be threatened. The feasibility of containment depends on the geographical and temporal extent of the threat. When these regions are large, the cost of containment must be balanced against the residual risk. The size of the regions to be protected must address the geo-temporal volume to be protected, the uncertainty in its location, and the time to isolate the region from the threat. Moreover, closure of large volumes of airspace is costly.

Quantification of risks supports the decision making process. It provides a basis for determining the value of imposing restrictions on aircraft flight when a re-entry event has been identified. It provides a basis for tradeoffs of greater restrictions versus the economic impact and the cost of greater congestion. It allows the risk to aircraft from re-entering space debris to be compared with the background risk of other types of aircraft accidents. Finally, it allows the risks generated by the re-entering space debris and meteoroids to various classes of people -- aircraft passengers, ships and persons on land -- to be compared to assess where resources should be placed.

This paper addresses the initial steps to quantify these risks. This paper is one of several characterizing the IAASS ADMIRE initiative.

Planning, integration and execution of space experiments are dependent on a complex division of tasks and responsibilities. Interfaces and coordination issues are explored according to four sets of dependencies (resource, sequential, simultaneity and task) and two main strategies for coordination (constitutive and concurrent). Managing complexity and resilience are considered.

Resilience is defined as the intrinsic ability of a system to adjust its function prior to, during, or following changes and disturbances, so that it can sustain required operations under both expected and unexpected conditions.

To minimalize the occurrence of loss of science, the management of preconditions for resilient performance is as crucial as the scientific issues in microgravity experiments on the International Space Station.

Successful experiments depend on the integration of such knowledge in complex environments.

A Martian surface nuclear reactor (MSNR) concept is under development by China Institute of Atomic Energy. The MSNR operates in the fast spectrum, using uranium dioxide fuel pins with sodium or lithium heat pipes for cooling. Stirling engines convert the energy transferred via heat pipes into electricity. Thermal power not converted by the stirling engines to electricity is removed by sodium heat pipes to the radiator. Reactivity is controlled by control drums. In order to minimize the overall weight of the system, Martian earth is used to build shield to protect humans from ionizing radiation from the core. This configuration has the advantages of compact, light weight, safe, and no single point of failure. The overall system efficient is 25% ~ 30%. The MSNR can produce reliable and safe 40 ~ 50 kWe for up to 8 years on Mars. More work is undergoing.

“Safety is No Accident” is certainly a forceful motto. But, due to the radical isolation and remoteness in which the crew and the assets of a manned Mars mission will be put, possible accidents should be given special consideration, whatever remotely their probability is pushed, in order to ensure the survivability and ultimate return of the crew. Most of the threatening scenarios can be relieved by sensible choices in the mission architecture (back-up operational modes) or implementation of specific emergency assets (e.g.caches).

Questions, connected with the research of complex influence of space factors on failures of onboard electronics of space crafts (SC) for different purposes are considered in that paper.

Failures of modules of memory on various SC are analyzed. Results of researching the mechanism of failures and errors of memory cells onboard manned systems taken into account of terrestrial simulated and onboard experiments are presented. Developed criteria of reliability of memory cells in Space, including influence of cosmic rays, differences of geophysical and geomagnetic situation on SC orbit are discussed.

Numerical value of vertical geomagnetic stiffness of proton flux and assessment of correlation failures of memory cells along low-orbit spacecrafts trajectory are presented.

Obtained results are used to forecasting the radiation situation along SC orbit, reliability of memory cells in the Space and to optimize nominal equipment kit and payload of Kazakhstan SC.

This work proposes a new "resilient redundancy" design.

While redundancy design is commonly believed to increase reliability of system, it could REDUCE it by the complexity and hidden common-mode errors introduced by the redundancy itself. [1][2]

Conventional "switch-over" redundancy management design inherently leads to discontinuity of control. Because of this discontinuity, system behavior could become unpredictable. Paradoxically, design efforts to prevent the discontinuity could make system even more unpredictable due to complexity introduced by "transient-special" control logic.

In this paper, we analyze the difference between conventional redundancy design and "nature's redundancy" such as the redundancy of right & left hands. Then a new redundancy design for the H-II Transfer Vehicle (HTV) is proposed. "Redundancy without backup string" concept will be described in detail. Although there are no backup strings, the system maintains mission capability against any combinations of two failures. The system redundancy is composed of non-identical triple strings all of which can operate either independently or jointly. The idea is based on Resilient Engineering. The goal is to realize a system to "adjust its functioning prior to, during, or following changes and disturbances" [3] in redundant manner, but without inviting unexpected behavior or control discontinuity.

Next, safety control architecture under the new redundancy design will be discussed. Conventional safety design often requires independent barriers in the system. Common implementation relies on multiple backup strings or independent safety devices. However, independent backup or safety devices can become a heavy load to the system because the unused backups will not contribute to the mission. As the result of it, safety and mission often conflict each other and it happens that mission capability needs to be compromised in order to protect safety and vice versa. By introducing the "redundancy without backup" policy, we propose to establish a new design paradigm where mission capability and safety can overcome that "zero-sum trade-off" relationship.

The flammability of materials is regarded as a critical design factor in the aerospace industry. Employing flammable materials, however, is inevitable sometimes in developing a launch vehicle. There are several common methods that can reduce the hazard of flammability, such as replacing flammable materials with non-flammable materials and blocking fire propagation paths by using non-flammable material covers. For the first step to ensure fire safety, flammability tests should be performed for the materials employed. In this regard, the materials of KSLV-I upper stage were tested in accordance with the NASA-STD-6001 and ECSS-Q-70-21 standards.

This paper shows how the materials were tested, what the results were, and how the abnormal findings were addressed. In addition, this paper also presents how a flammability test plan for fire safety of KSLV-II will be described.

The Japanese Experiment Module (JEM), "KIBO", is a part of the International Space Station (ISS). KIBO assemblies have been completed in 2008. There are several payloads on KIBO which provides experiment opportunities in a zero-gravity and in open space environment. The JAXA Human Space S&MA (JAXA S&MA) contribute the successful mission with safety not only during development phase but also operation phase as well. Though JAXA S&MA have a lot of operation experiences, these experiences are not necessarily made use of in the following activities. For example, the additional safety assessment is often needed for the newly identified safety risk, or the restricted safety controls may be limitation for the mission. JAXA S&MA think that the operation experiences are valuable data to improve the current activities. To assure more certain successful operation with safety, JAXA S&MA have started the analysis of the achieved experiences during JEM system operation.

A hazard analysis was made to identify potential hazards in Mechanical Ground Support Equipments (MGSE) for ARSAT-1, a geostationary communications satellite that will be operated by AR-SAT and constructed by INVAP. This analysis was made in order to identify possible hazards on these MGSE and their causes together with the hazard controls and safety verification methods. The safety relevant time includes ground operations.

The lack of consolidated databases for such devices (especially for the ones constructed ad-hoc by INVAP) related to probability of failure of mechanical components, make probabilistic analysis (such as FMECA, risk quantification) very difficult to quantify in terms of reliable data. Therefore, the probability of occurrence of a determined event is reduced adopting control measures to establish several safety barriers to avoid the hazard to occur.

Growth in commercial space transport requires predictable access through civil airspace. Determining the amount and duration of airspace disruption to accommodate launch and recovery activities is part of a safety analysis. While safety improvements in the development of commercial space vehicles can serve to minimize airspace disruption, certain policy questions about access and priority must be addresses in order to accommodate sustained operations. In doing so, the international community should seek balance between the competing demands of civil aviation and commercial space operators.

This paper begins with a summary of several key efforts by the US government to facilitate safe and efficient integration of air-traffic and space transportation activities in the aftermath of the

Columbia

accident. This paper describes impact tests sponsored by the Federal Aviation Administration (FAA) to help improve the fidelity of computational models used to quantify the vulnerability of commercial transport aircraft to potential launch or reentry vehicle debris impacts. Specifically, the FAA and the US Department of Defense funded a small series of tests to investigate the influence of obliquity on the velocity required for compact metal fragments (steel spheres and cubes between 1 and 9 grams) to perforate thin sheets of aircraft grade aluminum. This paper summarizes the testing done to determine the minimum velocities required to perforate aircraft skin at zero and 75 degrees of obliquity. This paper also describes how these test results can be used to refine elements of the models used to quantify the vulnerability of typical commercial transport aircraft to potential debris impacts.

For nearly 5 years now, the ELECTRA risk calculation model of falling debris to the public and the ELECTRA-ORESTE software package have been used by French space operators on launch and atmospheric re-entries to guarantee optimum safety for residents on the ground. Considerations on air traffic and the related risks have now to be developed, especially as planes fly over unpopulated areas such as oceans, so currently identified as safe. This is a subject of research privileged at CNES, whose role is to provide operators with the best practices in the calculation of risk for their space operations.

Risk calculation model of falling debris to air traffic can be based, on simplified approach, on the same principles as those used for risk calculation to the public and comes up against the same problems: how to obtain the most precise knowledge of the re-entry zone and the aircraft distribution in this zone? How to determine the casualty volume, linked to the trajectories and the size of objects? How to predict the effect of an impact, considering the key factors of airplane vulnerability?

The work engaged in 2014 concerned the first question: the numerical modelization of the world air distribution. This article aims to show the first air traffic density grid produced at CNES, based on recent OACI data collected and computed by the technology transfer centre SERTIT. The choice of data sources and the limits of the modelization have been developed. We will on conclusion present a possible basic risk calculation model and a numerical implementation on a realistic space re-entry.