Incident: Virgin Galactic SpaceShipTwo Crash Due to Human Error.

Published Date: 2015-07-28

Postmortem Analysis
Timeline
1. The software failure incident involving the disintegration of Virgin Galactic's space plane during a test flight happened on October 31, 2014 [31124, 37664].

System
The incident, as described in the reported news articles, did not involve a software failure. Therefore, the specific system(s) that failed cannot be determined from the provided articles.

Responsible Organization
1. Scaled Composites [37664]
2. Federal Aviation Administration (FAA) [37664]

Impacted Organization
1. Virgin Galactic [31124, 37664]
2. National Transportation Safety Board [31124, 37664]
3. Federal Aviation Administration [37664]

Software Causes
1. unknown

Non-software Causes
1. Premature deployment of the ship's feathered tail system during a test flight over southern California led to the disintegration of Virgin Galactic's spaceship, killing one pilot and leaving the other with significant injuries [31124].
2. The co-pilot of the Virgin Galactic space plane released the feather lock too early during the test flight, causing the tail booms to pivot upward and the craft to break apart [37664].
3. The safety issues that arose were attributed to human factors, specifically the co-pilot's mistake of releasing the feather lock at the wrong speed, rather than to mechanical failure or health problems [37664].

Impacts
1. The incident led to the disintegration of the Virgin Galactic space plane during a test flight, resulting in the death of one pilot and significant injuries to the other [31124].
2. The incident delayed Virgin Galactic's commercial space flights, which had been tentatively scheduled for 2015 [31124].
3. The National Transportation Safety Board strongly criticized the company for not building safeguards into the controls and procedures, highlighting safety issues arising from human factors and the lack of proper warnings in the operating handbook [37664].
4. The safety board laid the primary blame on Scaled Composites for failing to consider and protect against the possibility of a single human error leading to a catastrophic hazard to the SpaceShipTwo vehicle [37664].
5. The incident resulted in the grounding of Virgin Galactic's spacecraft, halting testing until a new version of SpaceShipTwo could be completed [31124, 37664].

Preventions
1. Building safeguards into the controls and procedures of the SpaceShipTwo craft to prevent human errors such as the premature release of the feather lock by the co-pilot [37664].
2. Including warnings in the operating handbook and adding mechanisms that ensure critical procedures are followed correctly, so that a single slip cannot have catastrophic consequences [37664].
3. Enhancing pilot training and ensuring a robust system design that minimizes reliance on human actions for critical operations [37664].

Fixes
1. Build safeguards into the controls and procedures to prevent human errors that could lead to catastrophic consequences [37664].
2. Enhance pilot training to ensure that specified procedures are followed correctly, especially at critical moments during the flight [37664].
3. Conduct a thorough analysis of human factors and potential failure scenarios to address vulnerabilities in the system [37664].
4. Include warnings in operating handbooks and add mechanisms that prevent critical actions from being taken prematurely [37664].
5. Review and improve the safety culture within the organization so that safety is prioritized in all aspects of operations [31124, 37664].

References
1. National Transportation Safety Board [Article 31124, Article 37664]
2. Federal Aviation Administration [Article 37664]
3. Scaled Composites [Article 31124, Article 37664]
4. Virgin Galactic [Article 31124, Article 37664]

Software Taxonomy of Faults

Category Option Rationale
Recurring: one_organization
(a) The software failure incident having happened again at one_organization:
- The fatal disintegration of Virgin Galactic's space plane during a test flight in October was caused by a single mistake by the co-pilot, who prematurely released the feather lock mechanism [37664].
- The incident highlighted a failure in the design and procedures of the controls: no safeguards were in place to prevent such a human error [37664].
(b) The software failure incident having happened again at multiple_organization:
- The provided articles do not mention a similar incident at other organizations or with their products and services.

Phase (Design/Operation): design, operation
(a) In the incident involving the Virgin Galactic space plane crash during a test flight, the National Transportation Safety Board (NTSB) strongly criticized the company that designed and manufactured the plane for not building safeguards into the controls and procedures. The NTSB noted that the company, Scaled Composites, neither included a warning in the operating handbook nor added a mechanism to prevent premature release of the feathering mechanism, which was a critical factor in the fatal disintegration of the space plane [37664].
(b) The operation-related contributing factor was the co-pilot's mistake of releasing the feather lock too early during the flight, causing the tail booms to pivot upward and the craft to disintegrate. The NTSB emphasized that the primary blame lay with Scaled Composites for failing to consider and protect against the possibility that a single human error could result in a catastrophic hazard to the SpaceShipTwo vehicle [37664].

Boundary (Internal/External): within_system, outside_system
(a) within_system: The disintegration of the Virgin Galactic space plane during a test flight was primarily attributed to a single mistake by the co-pilot, who released the feather lock too early, causing the tail booms to pivot upward and the craft to break apart [37664]. The failure resulted from human error within the system, specifically the lack of safeguards in the controls and procedures of the SpaceShipTwo designed by Scaled Composites [37664].
(b) outside_system: The investigation also examined external factors, such as the Federal Aviation Administration's (FAA) role in overseeing issues that could lead to pilot errors and its granting of waivers to permit requirements for operating SpaceShipTwo [37664]. This external oversight and these regulatory actions were scrutinized in relation to the incident.

Nature (Human/Non-human): non-human_actions, human_actions
(a) The software failure incident occurring due to non-human actions:
- The disintegration of Virgin Galactic's SpaceShipTwo during a test flight was primarily attributed to a single mistake by the co-pilot, Michael Alsbury, who released the feather lock too early, at Mach 0.82 instead of waiting until Mach 1.4 as the procedure specified [37664].
- The failure resulted from the premature deployment of the ship's feathered tail system, which helps the craft orient itself properly before starting its descent. This was considered a contributing factor introduced without human participation [31124].
(b) The software failure incident occurring due to human actions:
- The National Transportation Safety Board strongly criticized Scaled Composites for not building safeguards into the controls and procedures of SpaceShipTwo, which allowed a single mistake by the co-pilot to cause the fatal disintegration of the space plane [37664].
- The co-pilot, Michael Alsbury, released the feather lock too early, which led to the craft breaking apart. This mistake was attributed to human error in following the correct procedures during the test flight [37664].

Dimension (Hardware/Software): hardware
(a) The software failure incident occurring due to hardware:
- The disintegration of Virgin Galactic's SpaceShipTwo during a test flight was primarily attributed to a single mistake by the co-pilot, who released the feather lock too early, causing the tail booms to pivot upward and the craft to break apart [37664].
- The National Transportation Safety Board concluded that Scaled Composites failed to consider and protect against the possibility that a single human error could result in a catastrophic hazard to the SpaceShipTwo vehicle, indicating a hardware-related failure in terms of safety measures [37664].
(b) The software failure incident occurring due to software:
- The incident was not attributed to a failure originating in software itself. The primary cause was identified as a human error in releasing the feather lock too early, leading to the disintegration of the spacecraft [37664].
- The investigation focused on human factors, training issues, and safety culture rather than on software-related issues [31124, 37664].

Objective (Malicious/Non-malicious): non-malicious
(a) The incident in the articles is non-malicious. It was caused by a single mistake by the co-pilot during a test flight of the Virgin Galactic space plane, leading to the fatal disintegration of the craft [37664]. The mistake was the premature release of the feather lock at a lower speed than the procedure specified, causing the tail booms to pivot upward and the craft to break apart [37664].
(b) The incident was not attributed to any malicious intent or action, but to a human error in following the correct procedures during the flight test.

Intent (Poor/Accidental Decisions): poor_decisions, accidental_decisions
(a) The intent of the incident was due to poor_decisions. The incident was caused by a single mistake by the co-pilot during a test flight of the Virgin Galactic space plane: the co-pilot released the feather lock at Mach 0.82 instead of waiting until Mach 1.4 as the procedure specified, leading to the disintegration of the craft [37664].
(b) The incident was also influenced by accidental_decisions, since the co-pilot's early release of the feather lock was described as a human error rather than a mechanical malfunction. The safety board highlighted the failure of Scaled Composites to consider and protect against the possibility of a single human error leading to catastrophic consequences [37664].

Capability (Incompetence/Accidental): development_incompetence, accidental
(a) The software failure incident occurring due to development incompetence:
- The National Transportation Safety Board strongly criticized the company that designed and manufactured the SpaceShipTwo plane for not building safeguards into the controls and procedures, indicating a lack of professional competence in considering potential failure scenarios [37664].
- Scaled Composites, the company responsible for developing the SpaceShipTwo, failed to consider and protect against the possibility that a single human error could result in a catastrophic hazard to the vehicle, highlighting a lack of thorough risk assessment and mitigation [37664].
(b) The software failure incident occurring accidentally:
- The fatal disintegration of the Virgin Galactic space plane during a test flight was attributed to a single mistake by the co-pilot, who released the feather lock too early, causing the craft to break apart [37664].
- The co-pilot's early release of the feather lock was described as a human error that led to the catastrophic failure, indicating an accidental rather than a deliberate action [37664].

Duration: unknown
The disintegration of the Virgin Galactic space plane during a test flight was not attributed to a software failure. The incident was primarily caused by a human error: the co-pilot mistakenly unlocked the feathering mechanism too early, leading to the fatal disintegration of the craft [37664]. The investigation focused on human factors, pilot training, the design of the controls, and the lack of safeguards in the procedures rather than on a software failure. Therefore, the incident did not involve a software failure of either permanent or temporary nature.

Behaviour: crash, omission, timing, value, other
(a) crash: The incident can be categorized as a crash. It involved the disintegration of the Virgin Galactic space plane during a test flight, with a fatal outcome [37664].
(b) omission: The incident can also be categorized as an omission. The co-pilot released the feather lock too early, and this omission of the correct procedure led to the catastrophic failure of the craft [37664].
(c) timing: Timing is also relevant. The co-pilot released the feather lock at Mach 0.82 instead of waiting until Mach 1.4 as the procedure specified. This timing error caused the tail booms to pivot upward, leading to the crash [37664].
(d) value: The incident can be associated with a failure in value. The co-pilot's incorrect action of releasing the feather lock too early resulted in the system not performing its intended function correctly, leading to the fatal disintegration of the space plane [37664].
(e) byzantine: The incident does not align with byzantine behavior as described in the articles. There was no mention of inconsistent responses or interactions in the context of the incident.
(f) other: The other behavior observed is the failure due to the lack of safeguards in the controls and procedures of the space plane. The National Transportation Safety Board criticized the company for not building safeguards into the controls and procedures, which contributed to the fatal outcome of the incident [37664].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence: death, harm
(a) death: The consequence of the incident was the death of one of the pilots, Michael Alsbury, during the test flight of Virgin Galactic's SpaceShipTwo [31124, 37664].

Domain: information, transportation, knowledge
(a) The failed system was intended to support the information industry, specifically the production and distribution of information. The incident involved Virgin Galactic's SpaceShipTwo, which was part of a test flight program aiming to put wealthy customers into space for a few minutes of weightlessness [31124].
(b) The failed system was also intended to support the transportation industry, specifically the movement of people. The SpaceShipTwo was designed to be carried aloft under a larger aircraft and then dropped before its rocket ignites and propels it upward, providing transportation to the edge of space for tourists [37664].
(m) The failed system was not directly related to any other industry among the options provided.
