The importance of dissimilar redundancy for safety in future space vehicle design

Abstract

As the human space flight industry continues to expand at a rapid pace, the inherent risks of space travel remain unchanged. An emerging property in this new era is the increased use of performance-based requirements to minimize risks in lieu of heritage prescriptive requirements. One element of this new approach is a movement toward reliability and risk calculations in place of prescriptive failure tolerance and dissimilar redundancy requirements.This paper examines this new trend through the lens of historical lessons learned that drove failure tolerance and dissimilar redundancy in past human spaceflight programs. An important historical case to examine is the use of dissimilar redundancy in the design for the Apollo missions. There are two standout examples in the Apollo mission architecture: the Lunar Module (LM) lifeboat contingency and the abort scenarios during LM Descent and Landing (DL). Through these two examples we can understand how dissimilar redundancy was achieved to mitigate the risk of loss of crew, and the penalties that came along with these design decisions. We then compare these examples with new ideas about redundancy and established practices in other industries, like commercial aviation.Finally, we evaluate how these trades made in aeronautics can inform the next generation of designs in astronautics and how future programs can evaluate the added complexity and mass impacts of redundancy with the safety advantages that redundancy brings to modern spaceflight designs.