Safety panel has “great concern” about NASA plans to test Moon mission software

Teams at NASA's Michoud Assembly Facility move the Core Stage toward a barge in January that will carry it to a test stand in Mississippi.
Enlarge / Teams at NASA’s Michoud Assembly Facility move the Core Stage toward a barge in January that will carry it to a test stand in Mississippi.


An independent panel that assesses the safety of NASA activities has raised serious questions about the space agency’s plan to test flight software for its Moon missions.

During a Thursday meeting of the Aerospace Safety Advisory Panel, one of its members, former NASA Flight Director Paul Hill, outlined the panel’s concerns after speaking with managers for NASA’s first three Artemis missions. This includes a test flight of the Space Launch System rocket and Orion spacecraft for Artemis I, and then human flights on the Artemis II and III missions.

Hill said the safety panel was apprehensive about the lack of “end-to-end” testing of the software and hardware used during these missions, from launch through landing. Such comprehensive testing ensures that the flight software is compatible across different vehicles and in a number of different environments, including the turbulence of launch and maneuvers in space.

“The panel has great concern about the end-to-end integrated test capability plans, especially for flight software,” Hill said. “There is no end-to-end integrated avionics and software test capability. Instead, multiple and separate labs, emulators, and simulations are being used to test subsets of the software.”

The safety panel also was struggling to understand why, apparently, NASA had not learned its lessons from the recent failed test flight of Boeing’s Starliner spacecraft, Hill said. (Boeing is also the primary contractor for the Space Launch System rocket’s core stage).

Prior to a test flight of the Starliner crew capsule in December 2019, Boeing did not run integrated, end-to-end tests for the mission that was supposed to dock with the International Space Station. Instead of running a software test that encompassed the roughly 48-hour period from launch through docking to the station, Boeing broke the test into chunks. As a result, the spacecraft was nearly lost on two occasions and did not complete its primary objective of reaching the orbiting laboratory.

Lessons learned

Hill referred to a proprietary report by the NASA Engineering and Safety Center (NESC), published on September 8, which raised similar concerns about trying to run software tests across multiple centers and labs.

“It is not evident to the panelists their current plan and processes take advantage of their lessons learned,” Hill said. “The NESC report makes the excellent point that as much as possible flight systems should be developed for success with a goal to test like you fly in the same way that NASA’s operations teams train the way you fly, and fly the way you train.”

In response to these concerns, a NASA spokeswoman said the agency would, in fact, be conducting end-to-end testing—although she acknowledged it would be done across multiple facilities.

“NASA is conducting integrated end-to-end testing for the software, hardware, avionics, and integrated systems needed to fly Artemis missions,” said Kathryn Hambleton. “Using the agency’s sophisticated software development laboratories, teams from SLS, Orion, and Exploration Ground Systems use actual flight hardware and software, as well as emulators—versions of the software that each team employs to test their code and how it works with the whole integrated system—to support both system-level interface testing and integrated mission testing to ensure the software and avionics systems work together.”

After the Starliner mishap, she said, the NASA chief engineer established an independent review team to assess all Artemis I critical flight and ground software activities. Those recommendations have been folded into preparing for the upcoming Artemis missions, which may begin flying in late 2021, or 2022.

Source Article