A.2.2.4 Range Safety Considerations
A.2.2.4 Range Safety Considerations1
A.2.2.4 Range Safety Considerations
The range safety subsystem in our launch vehicle exists to ensure public safety during the launch and flight of our vehicle. Public safety is defined as preventing damage or harm to people or property. If the launch vehicle behaves erratically, fails to remain within its flight corridor, or malfunctions in a way which prevents it from reaching orbit, then the range safety system can be used to terminate the flight and recall the launch vehicle to Earth.
The term ‘Range Safety Officer’, or RSO, describes an individual who is responsible for the remote destruction and consequent flight termination of the launch vehicle should it be deemed a hazard1. To ensure public safety, the RSO and the personnel working under him/her may evaluate the launch vehicle design as well as oversee the manufacturing and design process. The RSO monitors both the launch vehicle and environmental conditions prior to launch for anything that may necessitate the postponement of the launch. Finally, the RSO monitors and tracks the launch vehicle during flight. The RSO’s job duration ends when the launch vehicle is destroyed or reaches orbit2. In our case, we prefer the latter and define ‘orbit’ as an altitude of 300km, as described in the mission statement.
To maintain public safety, the launch vehicle must fly within a predetermined flight corridor. The flight corridor is an imaginary boundary that exists in a space above the launch range. The flight corridor is implemented so that if the launch vehicle loses power during flight, the vehicle will fall to the ground in an uninhabited area. However an engine failure outside the flight corridor means it may fall on people or property. Therefore if the launch vehicle exits the flight corridor, the RSO must destroy the launch vehicle to ensure public safety. Destruction of the launch vehicle will be done remotely using explosive charges placed aboard the launch vehicle, due to their high reliability1.
The manner in which the launch vehicle is destroyed is highly circumstantial. In most cases, it is common to terminate the launch vehicle’s propulsion system prior to destruction. Afterwards, two real options are available. The first option is to detonate the explosive charges aboard the launch vehicle while it is still in flight. Detonating the charges allows the debris to dissociate through the air, lessening the force of impact. The second option is to leave the launch vehicle intact. Not detonating the charges allows for a localized debris field2. Choosing either option is the responsibility of the RSO and depends on the current situation. In a study presented in the book “Streamlining Space Launch Range Safety”, it was shown that the malfunctioning rocket is often destroyed from dynamic forces before ground personnel reacted.
Flight tracking of the launch vehicle is also monitored internally and flight termination may be initiated automatically, without input from the RSO. The avionics of the launch vehicle will use sensor data that pertains to positioning, such as the inertial measurement unit, to initiate flight termination. The data is used by the flight computer to determine the vehicle’s current position in relation to its intended flight path. If the computer determines that it is outside of the designated flight corridor, then the computer will initiate termination automatically. Automated termination is used as a compliment to the RSO and is not intended to replace him/her.
The Federal Aviation Regulations, or FARs, require that the launch vehicle has at least two adequate and independent components relaying tracking information from the vehicle to the ground. According to the FARs, it is acceptable to lose one of the two components needed for tracking. However, if both components are lost, it is immediate cause to terminate the launch vehicle. The launch vehicle must be destroyed even if there is no indication that it is straying from the intended flight path. The launch vehicle is destroyed in this situation to ensure public safety. It is understood that requiring two components is a form of redundancy used to ensure public safety and mission success rather than for functionality. This point is used as a guideline when designing a complete subsystem.
We found through research that companies such as Honeywell and L3 Communications manufacture and sell complete range safety packages. Honeywell has a system called Ballistic Missile Range Safety Technology. They claim their system has everything required for a total mobile range safety solution3. Likewise, L3 Communications has their version of a range safety system. However, Honeywell’s and L3 Communications packages are too complicated and considered out of scope for this project. Also, the costs of Honeywell’s and L3 Communications systems significantly over expand the design budget and are disregarded.
Many components from our existing avionics package will be used to create a partial range safety subsystem. Using existing components will save on complexity, weight, and cost. The avionics flight computer (central processing unit) is incorporated into the design and used to perform the task of autonomous vehicle termination. The subsystem will also use the existing inertial measurement unit and sensor package. The inertial measurement unit is needed to relay the tracking data to the flight computer so it can perform its assigned task. The existing sensor package is needed to relay vehicle health data back to the RSO, which will aid in his task.
The range safety subsystem also requires components that are not in our existing avionics package. These components include a transmitter, receiver, antenna, global positioning unit, explosive charges, and associated safe/arm devices.
A separate transmitter and receiver can be combined into one unit called a transceiver. The transceiver and antenna will be used as a dedicated relay for the destruct signal. It is also a good idea for the transceiver to be encrypted. The encryption will protect the launch vehicle from anyone other than the RSO implementing the destruct command. Aerocomm manufactures an adequate transceiver called the AC4424. The AC4424 transceiver operates on an S-band frequency, so the chosen antenna must also match this operating frequency in order to function. Using the I-Fuze S-band antenna from Syntronics will be adequate. Finally, using a global positioning unit, or GPS, will act as a second, redundant unit working with the inertial measurement unit.
Price estimates for the explosives and associated safe/arm devices are not included in this report. This was done because no research material was found on the subject and thus, an analysis could not be performed.
References:
1“Range Safety.” Wikipedia [online], URL [cited 25 March 2008].
2Committee on Space Launch Safety (author), Aeronautics and Space Engineering Board (author), National Research Council (author). Streamlining Space Launch Range Safety, National Academics Press, 2000.
3“Range Safety.” Honeywell Aerospace [online], URL: [cited 27 March 2008].
Author: Timothy Lorenzana