[Federal Register Volume 75, Number 233 (Monday, December 6, 2010)]
[Rules and Regulations]
[Pages 75621-75624]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2010-30399]
-----------------------------------------------------------------------
DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
14 CFR Part 431
Office of Commercial Space Transportation; Waiver of Autonomous
Reentry Restriction for a Reentry Vehicle
AGENCY: Federal Aviation Administration (FAA), DOT.
ACTION: Notice of waiver.
-----------------------------------------------------------------------
[[Page 75622]]
SUMMARY: This notice of waiver concerns two petitions for waiver
submitted to the Federal Aviation Administration (FAA) by Space
Exploration Technologies Corp. (SpaceX): A petition to waive the
requirement that a waiver petition be submitted at least sixty days
before the proposed effective date of the waiver, and a petition to
waive the requirement that SpaceX only initiate reentry of its reentry
vehicle, the Dragon Spacecraft (Dragon), by command. The first petition
is unnecessary because, as explained below, SpaceX demonstrated good
cause for its late filing. The FAA finds that waiving the requirement
for SpaceX ground operators to initiate Dragon's reentry to Earth is in
the public interest and will not jeopardize public health and safety,
safety of property, and national security and foreign policy interests
of the United States.
FOR FURTHER INFORMATION CONTACT: For technical questions concerning
this waiver contact Howard Searight, Aerospace Engineer, AST-200,
Office of Commercial Space Transportation (AST), Federal Aviation
Administration, 800 Independence Avenue, SW., Washington, DC 20591;
telephone (202) 267-7927; e-mail: [email protected]. For legal
questions concerning this waiver contact Laura Montgomery, Senior
Attorney for Commercial Space Transportation, AGC-200, Office of the
Chief Counsel, Regulations Division, Federal Aviation Administration,
800 Independence Avenue, SW., Washington, DC 20591; telephone (202)
267-3150; e-mail: [email protected].
SUPPLEMENTARY INFORMATION:
Background: On September 23, 2010, SpaceX requested two waivers
from the FAA's Office of Commercial Space Transportation (AST) for the
reentry of Dragon, a reentry vehicle, to be launched on Falcon 9 flight
002. First, SpaceX requested a waiver of procedural requirements for
waivers set forth at 14 CFR 404.3. Second, SpaceX requested a waiver of
14 CFR 431.43(e)\1\ to allow autonomous reentry.\2\
---------------------------------------------------------------------------
\1\ Even though Dragon is a reentry vehicle and not a reusable
launch vehicle, 14 CFR 435.33 incorporates and applies section
431.43 to all reentry vehicles.
\2\ SpaceX stated that autonomous reentry would only be used in
off-nominal circumstances, and the regulation prevents autonomous
reentry only for nominal circumstances, thus rendering a waiver
unnecessary. This interpretation of the regulation conflicts with
the regulation's requirement that an operator only initiate reentry
by command as described in the preamble to the proposed rule. There,
the FAA expressed its concern that authorizing reentry of totally
autonomous vehicles would not fulfill adequately its public safety
responsibility. Without active control, those systems and conditions
necessary for safe reentry would not be verified before reentry was
initiated Commercial Space Transportation Reusable Launch Vehicle
and Reentry Licensing Regulations, 64 FR 19626, 19645 (Apr. 21,
1999) (Reentry NPRM). Because it was the FAA's intent that the
regulations ensure human control capability upon reentry, SpaceX's
petition is a request for a waiver.
---------------------------------------------------------------------------
The FAA licenses, in relevant part, the launch of a launch vehicle,
and reentry of a reentry vehicle under authority granted to the
Secretary of Transportation by 49 U.S.C. Subtitle IX, chapter 701
(Chapter 701), and delegated to the FAA's Administrator and Associate
Administrator for Commercial Space Transportation.
SpaceX is a private commercial space flight company. It entered
into a Space Act Agreement with the National Aeronautics and Space
Administration (NASA) as part of NASA's Commercial Orbital
Transportation Services (COTS) program. The COTS program is designed to
stimulate efforts within the private sector to demonstrate safe,
reliable, and cost-effective space transportation to the International
Space Station.
SpaceX's petition for waiver concerns an upcoming demonstration
flight that it plans to undertake as part of the COTS program. At the
time of the filing of the petition, the launch for that flight was
scheduled to take place on November 8, 2010. During the flight,
SpaceX's Falcon 9 vehicle will launch the Dragon reentry vehicle into
orbit. Dragon is a reentry vehicle whose capability SpaceX plans to
demonstrate for NASA. Ultimately, SpaceX intends to use Dragon to
transport cargo and people to and from the International Space Station.
Once Dragon is in orbit, a ground-implemented health check will be
carried out by telemetry. SpaceX has designed the Dragon capsule to
remain in orbit until SpaceX ground operators transmit a reentry
command. A ground operator can issue commands to either enable or
disable the reentry of Dragon based on the health of the vehicle.
Dragon is also able to conduct an autonomous health check. Propellant
and power levels are the key variables used by ground operators in
determining whether to issue commands to reenter or stay in orbit, and
the same variables would be used by the vehicle in its onboard health
check. The onboard health check is designed to check time-dependent
variables to ensure the health and functionality of the propellant,
power and avionics sub-systems. Based on these evaluations, Dragon is
able to determine whether it is healthy. On the ground, the reentry
team can read the raw data and establish for themselves whether Dragon
is healthy. Dragon's onboard health check is designed to replicate the
decision-making process of the ground operators with respect to time-
dependent failures, which are, in Dragon's case, the full depletion of
power and propellant. If Dragon's communications failed and the vehicle
passed the onboard health check, Dragon would reenter autonomously.
Once Dragon passes a ground-implemented health check, ground
operators will issue a reentry command. After ground operators issue
the reentry command, Dragon will wait until the point in space at which
the reentry burn initiation is planned before initiating reentry.
Dragon will reenter, deploy three parachutes and splash down. A nominal
Dragon reentry splashes down in the Pacific Ocean off the coast of
southern California with some propellants on board.
If an anomaly occurs after the issuance of the reentry command,
ground operators can issue a command that disables reentry. SpaceX is
concerned with what would happen if its ground operators were unable to
communicate a reentry command to a healthy Dragon due to failed or
disabled communications. In this circumstance, SpaceX proposes that the
FAA permit the autonomous reentry of a healthy Dragon at the nominal
landing location in order to maximize public safety. This scenario may
play out in different ways. If ground operators needed more time to
complete a health check than that available during one orbit, they
could disable reentry by command. Dragon would then not reenter, even
if its autonomous health check would otherwise allow it to. If a health
check proved satisfactory, ground operators could re-enable reentry,
and Dragon would reenter. If Dragon never received a command, it could
rely on the results of its own continuous autonomous health check, and,
if those results were positive, reenter.
Dragon has several safety features that would allow for a safe
autonomous reentry in the event of a communications failure, including:
(1) The vehicle automatically reduces itself to its lowest energy level
in the case of an off-nominal burn; (2) the vehicle has the ability to
autonomously guide itself to the same pre-determined landing site,
located more than 780 kilometers from the coastline; (3) the vehicle
has the ability to monitor its safety-critical systems in real-time;
(4) the vehicle has over 100% margin on both power and propellant
budgets; (5) the vehicle has a space-grade inertial measurement unit
(IMU); (6) the vehicle
[[Page 75623]]
has a space-grade flight computer; and (7) the vehicle has redundant
drogue parachutes and dual redundant main parachutes.
Waiver Criteria: Chapter 701 allows the FAA to waive a requirement
for an individual license applicant if the FAA decides that the waiver
will not jeopardize public health and safety, safety of property, and
national security and foreign policy interests of the United States and
is in the public interest. 49 U.S.C. 70105(b)(3) (2010); 14 CFR
404.5(b) (2010).
Section 404.3 Waiver Petition
Section 404.3(b)(5) requires that a petition for waiver be
submitted at least sixty days before the proposed effective date of the
waiver. However, this section also provides that a petition may be
submitted late if the petitioner shows good cause. Id. (b)(5).
Here, SpaceX submitted its waiver petition on September 23, 2010,
which was less than sixty days before the November 8, 2010 launch date
planned at the time of the filing of the petition. However, in its
petition, SpaceX explained that it initially interpreted the applicable
regulations differently than the FAA, and was not aware that a waiver
would be required. Once the FAA informed SpaceX that it needed to
obtain a waiver, SpaceX proceeded to apply for the waiver in a timely
fashion. As such, the FAA has found that SpaceX had good cause for
submitting its waiver petition less than sixty days from its launch
date. Therefore, SpaceX's late submission does not violate 404.3(b)(5),
and a waiver of that section is unnecessary.
Section 431.43(e) Waiver Petition
Section 431.43(e) requires, in pertinent part, any operator of a
reusable launch vehicle that enters Earth orbit to issue a command
enabling reentry flight of the vehicle. It further states that reentry
flight cannot be initiated autonomously under nominal circumstances
without prior enable. 14 CFR 431.43(e).
For reasons described below, the FAA waives the requirement of 14
CFR 431.43(e), and allows SpaceX to autonomously initiate reentry
flight of Dragon in the event that SpaceX ground operators lose
communication with Dragon, and Dragon is healthy. In this context,
communication loss means Dragon fails to send a reentry request to
SpaceX's ground operators, or the ground operators are unable to send a
command enabling reentry of Dragon. The onboard health check is
designed to check time-dependent variables to ensure the health and
functionality of the propellant, power and avionics sub-systems.
In deciding whether or not to waive the requirement that Dragon's
operator issue a command to enable reentry of the vehicle, the FAA must
analyze whether the waiver: (1) Is in the public interest; (2) will not
jeopardize public health and safety or safety of property; and (3) will
not jeopardize national security and foreign policy interests of the
United States. 49 U.S.C. 70105(b)(3); 14 CFR 404.5(b). The FAA will
grant this waiver because SpaceX satisfies the criteria.
A. Public Interest
The change proposed by SpaceX is consistent with the statutory goal
of seeking improvements to safety. 49 U.S.C. 70101(a)(12) and
(b)(2)(C). Granting SpaceX's waiver is in the public interest because a
guided reentry is safer than a random reentry, and therefore Dragon's
proposed autonomous reentry capability enhances the overall safety of
the mission.
B. Public Health and Safety
Although the FAA's regulation prohibits autonomous reentry, a
waiver is warranted in SpaceX's case because an autonomous reentry of a
healthy Dragon that has lost ground communications is safer than a
random reentry. The preamble to the Reentry NPRM acknowledges that some
RLV operators were contemplating totally autonomous reentry capability,
and expressed a concern that autonomous reentry was not adequately
safe. Specifically, the FAA was concerned about system anomalies or
other non-compliant conditions that would not be verified before
initiation of reentry in the absence of active human control. Reentry
NPRM, 64 FR at 19645. The FAA retained flexibility in granting waivers
to allow the use of autonomous systems. Commercial Space Transportation
Reusable Launch Vehicle and Reentry Licensing Regulations, 65 FR 56618,
56641 (Sept. 19, 2000) (Reentry Rule). In requiring the capability for
human intervention, the FAA did not intend to foreclose the use of
autonomous systems or autonomous decision-making. Id. SpaceX's proposed
approach addresses the concern underlying the regulatory requirements
and poses less risk than that associated with Dragon being left in
orbit to reenter randomly at some later time. SpaceX's mitigation
measures are of additional importance to the FAA's decision to grant a
waiver.
The FAA's reason for requiring commanded reentry was to make sure
that an operator had the chance to verify that there were no system
anomalies or other non-compliant conditions. Under SpaceX's proposed
plan, the operator would employ two means of detecting any such
anomalies. Ground operators and Dragon's own continuous autonomous
health check would both perform health checks to determine whether
conditions prohibited reentry.
To determine the effect of granting SpaceX's waiver on public
safety, the FAA performed a risk analysis of potential reentry
outcomes. The risks of leaving the vehicle in orbit or attempting a
reentry (whether autonomous or commanded) are best compared by applying
conditional probabilities, where an undesired event is assumed to
happen, to each possibility. For purposes of comparison, in the two
cases discussed below, the FAA assumes that Dragon fails to expel its
propellant, and its parachutes fail to deploy, resulting in an
explosive impact.
In a random reentry scenario, Dragon has lost communications and is
unable to reenter autonomously. The FAA assumed a 100% probability of
leaving the vehicle in orbit with a full propellant load. The vehicle
would continue circling the Earth until it reentered randomly due to
natural orbital decay. The FAA assumed the impact probability in a
given latitude band was equivalent to the dwell time of the vehicle in
orbit over that latitude band. The FAA computed the population density
as a function of latitude by dividing the population within each
latitude band under Dragon by the Earth's surface area within each
latitude band. The FAA applied a sheltering model based on surveys and
socioeconomic factors, including population density and distribution
and the types of homes people live in, all of which affect expected
casualties. The conditional risk computed for a random reentry produced
an expected average number of casualties (Ec) of
approximately 23 x 10-3.
In an autonomous reentry scenario, Dragon has lost communications
and is attempting an autonomous reentry. The FAA assumed a 100%
probability of reentry burn failure at any time from burn initiation to
burn cutoff, assuming a uniform failure rate. In this scenario, Dragon
remains orbital for two-thirds of its burn. Two-thirds of the
conditional random reentry risk calculated above results in an
Ec of approximately 15 x 10-3. The remaining risk
results from an assumed failure during the last third of the reentry
burn when the vehicle is no longer in orbit. This results in a flight
corridor extending from the Atlantic to the Pacific crossing over the
continental
[[Page 75624]]
United States and Northern Mexico. The conditional risk along this
flight corridor is approximately Ec 13 x 10-3.
The FAA multiplied 13 x 10-3 by one-third, to account for
the fact that this failure mode is only applicable to one-third of the
burn, which results in an Ec of 41 x 10-4. The
total conditional risk associated with an autonomous reentry, where a
burn failure is assumed, is 19 x 10-3. Thus, there is
theoretically 20% less risk in an attempt to reenter Dragon than there
is in leaving it in orbit given a communications failure.
Also of importance to the FAA's decision to grant a waiver, Dragon
is equipped with a number of mitigating features. First, the vehicle
automatically safes itself in the case of an off-nominal burn. This
means that if Dragon conducted its reentry burn, but computed that the
desired landing spot would not be achieved, it would vent the rest of
its fuel, thereby reducing the possibility of explosion or dispersion
of toxic fumes on impact. Second, the vehicle has the ability to
autonomously guide itself to its planned landing location in the
Pacific Ocean, some 780 kilometers from the coastline. This internal
capability allows Dragon to act independently, based on programmed
instructions and information regarding its location, if communications
with the ground are lost. Third, the vehicle has the ability to monitor
its safety-critical systems in real-time. This means Dragon has near-
immediate awareness of the operability of its on-board systems that
allow it to operate safely, and this awareness enables Dragon to react
in time to conduct a reentry. Fourth, the vehicle has a space-grade IMU
and flight computer. This means Dragon is equipped with a system that
provides information on where Dragon is, which is pertinent to its
guidance capabilities, and the IMU and flight computer are designed and
tested to operate in the rigorous conditions of space.
C. National Security and Foreign Policy Implications
The FAA has not identified any national security or foreign policy
implications associated with granting this waiver.
Summary and Conclusion: A waiver is in the public interest because
it accomplishes the goals of Chapter 701 and decreases risk to the
public. The waiver will not jeopardize public health and safety or
safety of property because allowing autonomous reentry of a healthy
Dragon vehicle that has lost all communications presents less risk than
a random reentry. A waiver will not jeopardize national security and
foreign policy interests of the United States. For the foregoing
reasons, the FAA has waived the requirement of 14 CFR 431.43(e) for a
commanded reentry, and allows SpaceX to autonomously initiate reentry
flight of Dragon in the event that all communication between ground
operators and Dragon has been lost, and Dragon is healthy.
Issued in Washington, DC on November 30, 2010.
Kenneth Wong,
Licensing and Safety Division Manager.
[FR Doc. 2010-30399 Filed 12-3-10; 8:45 am]
BILLING CODE 4910-13-P