Incident: Juno Spacecraft's Main Computer Failure Impacts Jupiter Observation Mission

Published Date: 2016-10-20

Postmortem Analysis
Timeline
1. The software failure incident with NASA's Juno spacecraft happened on Tuesday, October 18, as mentioned in Article 48578.

System
1. Software performance monitor induced a reboot of the spacecraft's onboard computer [48578]
2. Pair of valves in the spacecraft's propulsion system didn't work as expected [48578]

Responsible Organization
1. The software performance monitor induced a reboot of the spacecraft's onboard computer, causing the software failure incident [48578].

Impacted Organization
1. NASA's Juno spacecraft [48578]

Software Causes
1. The software performance monitor induced a reboot of the spacecraft's onboard computer, leading to the spacecraft entering safe mode [48578].
2. The safe mode turned off instruments and a few non-critical spacecraft components due to the onboard computer perceiving conditions were not as expected [48578].

Non-software Causes
1. The Juno spacecraft's main computer and science instruments were lost, leading to the failure incident near Jupiter [48578].
2. The ESA's Mars lander, Schiaparelli probe, also faced a failure on the red planet, possibly due to the parachute jettisoning too early [48578].

Impacts
1. The software failure incident on NASA's Juno spacecraft resulted in the loss of the main computer and science instruments, leading to the cancellation of highly anticipated close-up observations of Jupiter [48578].
2. The incident caused Juno to enter safe mode, turning off instruments and non-critical spacecraft components, delaying the planned observations until at least Dec. 11 [48578].
3. NASA had to postpone shifting Juno into a tighter orbit around Jupiter, impacting the original mission plans [48578].

Preventions
1. Implementing more rigorous testing procedures for the software performance monitor to catch any potential issues before they lead to a reboot of the spacecraft's onboard computer [48578].
2. Conducting thorough reviews and audits of the spacecraft's software systems to identify and address any vulnerabilities or weaknesses that could trigger a safe mode entry [48578].
3. Enhancing the spacecraft's software monitoring and diagnostic capabilities to provide early warnings and preventive measures in case of software anomalies [48578].

Fixes
1. Conduct a thorough investigation to determine the root cause of the software failure incident [48578].
2. Implement necessary changes to the software performance monitor to prevent inducing reboots of the spacecraft's onboard computer [48578].
3. Address any unrelated problems that may have contributed to the software failure incident, such as the propulsion system issue [48578].

References
1. NASA's official statement [48578]
2. Rick Nybakken, Juno project manager from NASA's Jet Propulsion Laboratory [48578]

Software Taxonomy of Faults

Category Option Rationale
Recurring: one_organization
(a) The software failure incident having happened again at one_organization:
- NASA's Juno spacecraft experienced a software performance monitor-induced reboot of the spacecraft's onboard computer, leading it to enter safe mode [48578].
- This incident was the second setback in less than a week for the Juno spacecraft, as the propulsion system had an unrelated problem the week before, causing a postponement of an engine firing [48578].
(b) The software failure incident having happened again at multiple_organization:
- There is no information in the provided article to suggest that a similar software failure incident has happened at other organizations or with their products and services.

Phase (Design/Operation): design, operation
(a) The software failure incident related to the design phase can be seen in the article where it mentions that the Juno spacecraft entered safe mode due to a software performance monitor inducing a reboot of the spacecraft's onboard computer [48578]. This indicates that there was a design flaw or issue in the software performance monitor that led to the spacecraft entering safe mode.
(b) The software failure incident related to the operation phase is evident in the article where it states that the safe mode turned off instruments and a few non-critical spacecraft components, confirming that the spacecraft was pointed toward the sun to ensure the solar arrays received power [48578]. This shows that the operation of the spacecraft was affected by the software failure incident, leading to certain components being turned off for safety reasons.

Boundary (Internal/External): within_system
(a) within_system:
- The software failure incident related to the Juno spacecraft losing its main computer and science instruments was caused by a software performance monitor inducing a reboot of the spacecraft's onboard computer [48578].
- The spacecraft entered safe mode due to the onboard computer perceiving conditions were not as expected, which turned off instruments and non-critical spacecraft components [48578].
- The glitch that led to the software failure followed an unrelated problem with the propulsion system, which prompted the skipping of firing Juno's braking engine [48578].

Nature (Human/Non-human): non-human_actions
(a) The software failure incident occurring due to non-human actions:
- The software failure incident with NASA's Juno spacecraft entering safe mode was due to a software performance monitor inducing a reboot of the spacecraft's onboard computer [48578].
- The safe mode turned off instruments and non-critical spacecraft components, confirming the spacecraft was pointed toward the sun to ensure the solar arrays received power [48578].
(b) The software failure incident occurring due to human actions:
- There is no specific mention in the articles about the software failure incident being caused by contributing factors introduced by human actions.

Dimension (Hardware/Software): hardware, software
(a) The software failure incident occurring due to hardware:
- The Juno spacecraft entered safe mode due to a software performance monitor inducing a reboot of the spacecraft's onboard computer [48578].
- An unrelated problem last week prompted NASA to skip firing Juno's braking engine, which was a hardware issue related to a pair of valves in the spacecraft's propulsion system not working as expected [48578].
(b) The software failure incident occurring due to software:
- The software performance monitor induced a reboot of the spacecraft's onboard computer, leading to the spacecraft entering safe mode [48578].

Objective (Malicious/Non-malicious): non-malicious
(a) The software failure incident related to the Juno spacecraft losing its main computer and science instruments shortly before its orbital pass near Jupiter was non-malicious. The incident was attributed to a software performance monitor inducing a reboot of the spacecraft's onboard computer, which led to the spacecraft entering safe mode [48578].

Intent (Poor/Accidental Decisions): accidental_decisions
(a) The software failure incident related to the Juno spacecraft losing its main computer and science instruments shortly before a close orbital pass near Jupiter was not due to poor decisions but rather to accidental factors. The incident was attributed to a software performance monitor inducing a reboot of the spacecraft's onboard computer, leading to the spacecraft entering safe mode [48578]. This was described as an accidental event rather than a result of poor decisions.

Capability (Incompetence/Accidental): accidental
(a) The software failure incident related to development incompetence is not explicitly mentioned in the provided articles. Therefore, it is unknown whether the failure was due to contributing factors introduced due to lack of professional competence by humans or the development organization.
(b) The software failure incident related to accidental factors is mentioned in the articles. NASA's Juno spacecraft entered safe mode due to a software performance monitor inducing a reboot of the spacecraft's onboard computer. This incident was described as an accidental software failure [48578].

Duration: temporary
(a) The software failure incident related to the Juno spacecraft entering safe mode was temporary. The incident occurred due to a software performance monitor inducing a reboot of the spacecraft's onboard computer, leading to the spacecraft entering safe mode [48578]. The safe mode turned off instruments and non-critical spacecraft components, confirming that the spacecraft was healthy and pointed toward the sun to ensure the solar arrays received power. The incident was a setback for the mission, but the spacecraft was designed to enter safe mode if conditions were not as expected, indicating a temporary nature of the failure.

Behaviour: crash, omission, other
(a) crash: The software failure incident related to the Juno spacecraft entering safe mode was due to a software performance monitor inducing a reboot of the spacecraft's onboard computer, causing it to lose its main computer and science instruments [48578].
(b) omission: The software failure incident led to the omission of the planned close-up observations of Jupiter as the spacecraft lost its main computer and science instruments, impacting the scheduled flyby and data collection [48578].
(c) timing: The software failure incident occurred 13 hours before the close encounter with Jupiter, causing a delay in the observation plans until the next close pass by Jupiter on December 11 [48578].
(d) value: The software failure incident did not involve the system performing its intended functions incorrectly but rather losing its main computer and science instruments, affecting the data collection and observation plans [48578].
(e) byzantine: There is no indication in the provided article that the software failure incident exhibited behaviors of inconsistency or erroneous responses, suggesting that the failure was more related to a system crash and loss of functionality [48578].
(f) other: The software failure incident also led to the spacecraft entering safe mode, turning off instruments and non-critical spacecraft components, and confirming the spacecraft's orientation towards the sun to ensure power supply, indicating a protective response to the failure [48578].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence: property, delay, non-human, theoretical_consequence
(a) death: People lost their lives due to the software failure - There is no mention of any loss of life due to the software failure incident reported in the articles [48578].
(b) harm: People were physically harmed due to the software failure - There is no mention of any physical harm to people due to the software failure incident reported in the articles [48578].
(c) basic: People's access to food or shelter was impacted because of the software failure - There is no mention of people's access to food or shelter being impacted due to the software failure incident reported in the articles [48578].
(d) property: People's material goods, money, or data was impacted due to the software failure - The software failure incident involving NASA's Juno spacecraft losing its main computer and science instruments did impact the mission's plans for close-up observations of Jupiter [48578].
(e) delay: People had to postpone an activity due to the software failure - The software failure incident caused a delay in the planned close-up observations of Jupiter by the Juno spacecraft until at least December 11 [48578].
(f) non-human: Non-human entities were impacted due to the software failure - The software failure incident affected the Juno spacecraft's ability to conduct close observations of Jupiter and map its magnetic fields [48578].
(g) no_consequence: There were no real observed consequences of the software failure - The software failure incident did have consequences on the Juno spacecraft's mission objectives and observations of Jupiter [48578].
(h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur - The articles mention that the mission goals of the Juno spacecraft were not impacted significantly by the software failure incident, as critical measurements could still be taken during close flybys of Jupiter [48578].
(i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? - There are no other consequences mentioned in the articles beyond the impact on the mission objectives and observations of Jupiter due to the software failure incident [48578].

Domain: knowledge
(a) The failed system was intended to support the industry of knowledge, specifically space exploration. The software failure incident involved NASA's Juno spacecraft, which was on a mission to explore Jupiter's poles, atmosphere, and interior [48578].
