Federal Aviation Administration (FAA), DOT.
Notice of waiver.Start Printed Page 75622
This notice of waiver concerns two petitions for waiver submitted to the Federal Aviation Administration (FAA) by Space Exploration Technologies Corp. (SpaceX): A petition to waive the requirement that a waiver petition be submitted at least sixty days before the proposed effective date of the waiver, and a petition to waive the requirement that SpaceX only initiate reentry of its reentry vehicle, the Dragon Spacecraft (Dragon), by command. The first petition is unnecessary because, as explained below, SpaceX demonstrated good cause for its late filing. The FAA finds that waiving the requirement for SpaceX ground operators to initiate Dragon's reentry to Earth is in the public interest and will not jeopardize public health and safety, safety of property, and national security and foreign policy interests of the United States.Start Further Info
FOR FURTHER INFORMATION CONTACT:
For technical questions concerning this waiver contact Howard Searight, Aerospace Engineer, AST-200, Office of Commercial Space Transportation (AST), Federal Aviation Administration, 800 Independence Avenue, SW., Washington, DC 20591; telephone (202) 267-7927; e-mail: firstname.lastname@example.org. For legal questions concerning this waiver contact Laura Montgomery, Senior Attorney for Commercial Space Transportation, AGC-200, Office of the Chief Counsel, Regulations Division, Federal Aviation Administration, 800 Independence Avenue, SW., Washington, DC 20591; telephone (202) 267-3150; e-mail: email@example.com.End Further Info End Preamble Start Supplemental Information
Background: On September 23, 2010, SpaceX requested two waivers from the FAA's Office of Commercial Space Transportation (AST) for the reentry of Dragon, a reentry vehicle, to be launched on Falcon 9 flight 002. First, SpaceX requested a waiver of procedural requirements for waivers set forth at 14 CFR 404.3. Second, SpaceX requested a waiver of 14 CFR 431.43(e) to allow autonomous reentry.
The FAA licenses, in relevant part, the launch of a launch vehicle, and reentry of a reentry vehicle under authority granted to the Secretary of Transportation by 49 U.S.C. Subtitle IX, chapter 701 (Chapter 701), and delegated to the FAA's Administrator and Associate Administrator for Commercial Space Transportation.
SpaceX is a private commercial space flight company. It entered into a Space Act Agreement with the National Aeronautics and Space Administration (NASA) as part of NASA's Commercial Orbital Transportation Services (COTS) program. The COTS program is designed to stimulate efforts within the private sector to demonstrate safe, reliable, and cost-effective space transportation to the International Space Station.
SpaceX's petition for waiver concerns an upcoming demonstration flight that it plans to undertake as part of the COTS program. At the time of the filing of the petition, the launch for that flight was scheduled to take place on November 8, 2010. During the flight, SpaceX's Falcon 9 vehicle will launch the Dragon reentry vehicle into orbit. Dragon is a reentry vehicle whose capability SpaceX plans to demonstrate for NASA. Ultimately, SpaceX intends to use Dragon to transport cargo and people to and from the International Space Station.
Once Dragon is in orbit, a ground-implemented health check will be carried out by telemetry. SpaceX has designed the Dragon capsule to remain in orbit until SpaceX ground operators transmit a reentry command. A ground operator can issue commands to either enable or disable the reentry of Dragon based on the health of the vehicle. Dragon is also able to conduct an autonomous health check. Propellant and power levels are the key variables used by ground operators in determining whether to issue commands to reenter or stay in orbit, and the same variables would be used by the vehicle in its onboard health check. The onboard health check is designed to check time-dependent variables to ensure the health and functionality of the propellant, power and avionics sub-systems. Based on these evaluations, Dragon is able to determine whether it is healthy. On the ground, the reentry team can read the raw data and establish for themselves whether Dragon is healthy. Dragon's onboard health check is designed to replicate the decision-making process of the ground operators with respect to time-dependent failures, which are, in Dragon's case, the full depletion of power and propellant. If Dragon's communications failed and the vehicle passed the onboard health check, Dragon would reenter autonomously.
Once Dragon passes a ground-implemented health check, ground operators will issue a reentry command. After ground operators issue the reentry command, Dragon will wait until the point in space at which the reentry burn initiation is planned before initiating reentry. Dragon will reenter, deploy three parachutes and splash down. A nominal Dragon reentry splashes down in the Pacific Ocean off the coast of southern California with some propellants on board.
If an anomaly occurs after the issuance of the reentry command, ground operators can issue a command that disables reentry. SpaceX is concerned with what would happen if its ground operators were unable to communicate a reentry command to a healthy Dragon due to failed or disabled communications. In this circumstance, SpaceX proposes that the FAA permit the autonomous reentry of a healthy Dragon at the nominal landing location in order to maximize public safety. This scenario may play out in different ways. If ground operators needed more time to complete a health check than that available during one orbit, they could disable reentry by command. Dragon would then not reenter, even if its autonomous health check would otherwise allow it to. If a health check proved satisfactory, ground operators could re-enable reentry, and Dragon would reenter. If Dragon never received a command, it could rely on the results of its own continuous autonomous health check, and, if those results were positive, reenter.
Dragon has several safety features that would allow for a safe autonomous reentry in the event of a communications failure, including: (1) The vehicle automatically reduces itself to its lowest energy level in the case of an off-nominal burn; (2) the vehicle has the ability to autonomously guide itself to the same pre-determined landing site, located more than 780 kilometers from the coastline; (3) the vehicle has the ability to monitor its safety-critical systems in real-time; (4) the vehicle has over 100% margin on both power and propellant budgets; (5) the vehicle has a space-grade inertial measurement unit (IMU); (6) the vehicle Start Printed Page 75623has a space-grade flight computer; and (7) the vehicle has redundant drogue parachutes and dual redundant main parachutes.
Waiver Criteria: Chapter 701 allows the FAA to waive a requirement for an individual license applicant if the FAA decides that the waiver will not jeopardize public health and safety, safety of property, and national security and foreign policy interests of the United States and is in the public interest. 49 U.S.C. 70105(b)(3) (2010); 14 CFR 404.5(b) (2010).
Section 404.3 Waiver Petition
Section 404.3(b)(5) requires that a petition for waiver be submitted at least sixty days before the proposed effective date of the waiver. However, this section also provides that a petition may be submitted late if the petitioner shows good cause. Id. (b)(5).
Here, SpaceX submitted its waiver petition on September 23, 2010, which was less than sixty days before the November 8, 2010 launch date planned at the time of the filing of the petition. However, in its petition, SpaceX explained that it initially interpreted the applicable regulations differently than the FAA, and was not aware that a waiver would be required. Once the FAA informed SpaceX that it needed to obtain a waiver, SpaceX proceeded to apply for the waiver in a timely fashion. As such, the FAA has found that SpaceX had good cause for submitting its waiver petition less than sixty days from its launch date. Therefore, SpaceX's late submission does not violate 404.3(b)(5), and a waiver of that section is unnecessary.
Section 431.43(e) Waiver Petition
Section 431.43(e) requires, in pertinent part, any operator of a reusable launch vehicle that enters Earth orbit to issue a command enabling reentry flight of the vehicle. It further states that reentry flight cannot be initiated autonomously under nominal circumstances without prior enable. 14 CFR 431.43(e).
For reasons described below, the FAA waives the requirement of 14 CFR 431.43(e), and allows SpaceX to autonomously initiate reentry flight of Dragon in the event that SpaceX ground operators lose communication with Dragon, and Dragon is healthy. In this context, communication loss means Dragon fails to send a reentry request to SpaceX's ground operators, or the ground operators are unable to send a command enabling reentry of Dragon. The onboard health check is designed to check time-dependent variables to ensure the health and functionality of the propellant, power and avionics sub-systems.
In deciding whether or not to waive the requirement that Dragon's operator issue a command to enable reentry of the vehicle, the FAA must analyze whether the waiver: (1) Is in the public interest; (2) will not jeopardize public health and safety or safety of property; and (3) will not jeopardize national security and foreign policy interests of the United States. 49 U.S.C. 70105(b)(3); 14 CFR 404.5(b). The FAA will grant this waiver because SpaceX satisfies the criteria.
A. Public Interest
The change proposed by SpaceX is consistent with the statutory goal of seeking improvements to safety. 49 U.S.C. 70101(a)(12) and (b)(2)(C). Granting SpaceX's waiver is in the public interest because a guided reentry is safer than a random reentry, and therefore Dragon's proposed autonomous reentry capability enhances the overall safety of the mission.
B. Public Health and Safety
Although the FAA's regulation prohibits autonomous reentry, a waiver is warranted in SpaceX's case because an autonomous reentry of a healthy Dragon that has lost ground communications is safer than a random reentry. The preamble to the Reentry NPRM acknowledges that some RLV operators were contemplating totally autonomous reentry capability, and expressed a concern that autonomous reentry was not adequately safe. Specifically, the FAA was concerned about system anomalies or other non-compliant conditions that would not be verified before initiation of reentry in the absence of active human control. Reentry NPRM, 64 FR at 19645. The FAA retained flexibility in granting waivers to allow the use of autonomous systems. Commercial Space Transportation Reusable Launch Vehicle and Reentry Licensing Regulations, 65 FR 56618, 56641 (Sept. 19, 2000) (Reentry Rule). In requiring the capability for human intervention, the FAA did not intend to foreclose the use of autonomous systems or autonomous decision-making. Id. SpaceX's proposed approach addresses the concern underlying the regulatory requirements and poses less risk than that associated with Dragon being left in orbit to reenter randomly at some later time. SpaceX's mitigation measures are of additional importance to the FAA's decision to grant a waiver.
The FAA's reason for requiring commanded reentry was to make sure that an operator had the chance to verify that there were no system anomalies or other non-compliant conditions. Under SpaceX's proposed plan, the operator would employ two means of detecting any such anomalies. Ground operators and Dragon's own continuous autonomous health check would both perform health checks to determine whether conditions prohibited reentry.
To determine the effect of granting SpaceX's waiver on public safety, the FAA performed a risk analysis of potential reentry outcomes. The risks of leaving the vehicle in orbit or attempting a reentry (whether autonomous or commanded) are best compared by applying conditional probabilities, where an undesired event is assumed to happen, to each possibility. For purposes of comparison, in the two cases discussed below, the FAA assumes that Dragon fails to expel its propellant, and its parachutes fail to deploy, resulting in an explosive impact.
In a random reentry scenario, Dragon has lost communications and is unable to reenter autonomously. The FAA assumed a 100% probability of leaving the vehicle in orbit with a full propellant load. The vehicle would continue circling the Earth until it reentered randomly due to natural orbital decay. The FAA assumed the impact probability in a given latitude band was equivalent to the dwell time of the vehicle in orbit over that latitude band. The FAA computed the population density as a function of latitude by dividing the population within each latitude band under Dragon by the Earth's surface area within each latitude band. The FAA applied a sheltering model based on surveys and socioeconomic factors, including population density and distribution and the types of homes people live in, all of which affect expected casualties. The conditional risk computed for a random reentry produced an expected average number of casualties (Ec) of approximately 23 × 10−3.
In an autonomous reentry scenario, Dragon has lost communications and is attempting an autonomous reentry. The FAA assumed a 100% probability of reentry burn failure at any time from burn initiation to burn cutoff, assuming a uniform failure rate. In this scenario, Dragon remains orbital for two-thirds of its burn. Two-thirds of the conditional random reentry risk calculated above results in an Ec of approximately 15 × 10−3. The remaining risk results from an assumed failure during the last third of the reentry burn when the vehicle is no longer in orbit. This results in a flight corridor extending from the Atlantic to the Pacific crossing over the continental Start Printed Page 75624United States and Northern Mexico. The conditional risk along this flight corridor is approximately Ec 13 × 10−3. The FAA multiplied 13 × 10−3 by one-third, to account for the fact that this failure mode is only applicable to one-third of the burn, which results in an Ec of 41 × 10−4. The total conditional risk associated with an autonomous reentry, where a burn failure is assumed, is 19 × 10−3. Thus, there is theoretically 20% less risk in an attempt to reenter Dragon than there is in leaving it in orbit given a communications failure.
Also of importance to the FAA's decision to grant a waiver, Dragon is equipped with a number of mitigating features. First, the vehicle automatically safes itself in the case of an off-nominal burn. This means that if Dragon conducted its reentry burn, but computed that the desired landing spot would not be achieved, it would vent the rest of its fuel, thereby reducing the possibility of explosion or dispersion of toxic fumes on impact. Second, the vehicle has the ability to autonomously guide itself to its planned landing location in the Pacific Ocean, some 780 kilometers from the coastline. This internal capability allows Dragon to act independently, based on programmed instructions and information regarding its location, if communications with the ground are lost. Third, the vehicle has the ability to monitor its safety-critical systems in real-time. This means Dragon has near-immediate awareness of the operability of its on-board systems that allow it to operate safely, and this awareness enables Dragon to react in time to conduct a reentry. Fourth, the vehicle has a space-grade IMU and flight computer. This means Dragon is equipped with a system that provides information on where Dragon is, which is pertinent to its guidance capabilities, and the IMU and flight computer are designed and tested to operate in the rigorous conditions of space.
C. National Security and Foreign Policy Implications
The FAA has not identified any national security or foreign policy implications associated with granting this waiver.
Summary and Conclusion: A waiver is in the public interest because it accomplishes the goals of Chapter 701 and decreases risk to the public. The waiver will not jeopardize public health and safety or safety of property because allowing autonomous reentry of a healthy Dragon vehicle that has lost all communications presents less risk than a random reentry. A waiver will not jeopardize national security and foreign policy interests of the United States. For the foregoing reasons, the FAA has waived the requirement of 14 CFR 431.43(e) for a commanded reentry, and allows SpaceX to autonomously initiate reentry flight of Dragon in the event that all communication between ground operators and Dragon has been lost, and Dragon is healthy.Start Signature
Issued in Washington, DC on November 30, 2010.
Licensing and Safety Division Manager.
1. Even though Dragon is a reentry vehicle and not a reusable launch vehicle, 14 CFR 435.33 incorporates and applies section 431.43 to all reentry vehicles.Back to Citation
2. SpaceX stated that autonomous reentry would only be used in off-nominal circumstances, and the regulation prevents autonomous reentry only for nominal circumstances, thus rendering a waiver unnecessary. This interpretation of the regulation conflicts with the regulation's requirement that an operator only initiate reentry by command as described in the preamble to the proposed rule. There, the FAA expressed its concern that authorizing reentry of totally autonomous vehicles would not fulfill adequately its public safety responsibility. Without active control, those systems and conditions necessary for safe reentry would not be verified before reentry was initiated Commercial Space Transportation Reusable Launch Vehicle and Reentry Licensing Regulations, 64 FR 19626, 19645 (Apr. 21, 1999) (Reentry NPRM). Because it was the FAA's intent that the regulations ensure human control capability upon reentry, SpaceX's petition is a request for a waiver.Back to Citation
[FR Doc. 2010-30399 Filed 12-3-10; 8:45 am]
BILLING CODE 4910-13-P