SpaceX’s upcoming megarocket, Starship, is quickly coming to life before our eyes. Starship will be the biggest, most powerful rocket to ever fly. Capable of taking 100 people to the surface of Mars AND just as important, back. Not only that, it’ll be a fully reusable rocket. The holy grail of spaceflight… Something that could be absolutely game changing, ushering in a new era of humanity’s access to space.
BUT as excited as I am about Starship, there does seem to be something missing. An abort system. How can Starship be safe enough for humans if it won’t have a way to escape from a failing rocket? An abort system, or a launch escape system, can pull crew away from a doomed rocket, saving their lives in the event of a catastrophe. They’re pretty much universally accepted as a necessity if humans are on board.

Rockets carrying people should have abort systems

— Tory Bruno (@torybruno) December 5, 2019

So wouldn’t it be a good idea to have some kind of detachable cabin that has its own thrusters and recovery system? Or literally just a crew dragon with its own abort system on the top for the first few missions until the kinks of the rocket are worked out?  After all, the space shuttle, which tragically lost two crews, also lacked a mechanical abort system. Is history bound to repeat itself with Starship? Can we really trust a rocket to just not fail?

This is one of those topics I’ve been asked about over and over and for good reasons! Especially now that we’re seeing the commercial crew program put launch abort systems through their paces.

And this topic has come up even more since we’ve actually witnessed a failure of the MK-1 Starship prototype while pressure testing on the launch pad… what if there were people on board… why isn’t SpaceX thinking about putting an abort system on it?

As you may know, I’ve already talked a good amount about abort systems in an article explaining why both SpaceX’s Crew Dragon capsule and Boeing’s Starliner have opted for liquid fueled pusher abort systems, as opposed to a more traditional puller system with solid rocket motors.

So if you want an overview on those systems, definitely check that article out! It should help give you some extra perspective on modern abort systems.

Now in case you didn’t notice when you clicked on this article, this is again another pretty long one. As you may know, I don’t like to skim the surface of topics, I like to actually dive deep into the data and history in order to find the answers. We’re going to get into a lot of little details, charts, and data and MORE charts and MORE data. 

We’ll go over certifications of rockets, the reliability of rocket engines, the risks and benefits of Starships design, and even look at the whole history of human spaceflight and figure out how many times an abort system has actually saved the lives of those on board. 

By the end of this article, it won’t just be my opinion on whether Starship without an abort system is a good idea or not, it’ll mostly be an analytical based summary.

How abort systems work 

Ok, so abort systems. The idea is simple. Rockets are fickle beasts. They’re riding the finest engineering line possible. They need to handle extremely intense loads, temperatures and environments while also being as lightweight as possible. Since there’s literally millions of moving parts, it’s honestly a miracle they work at all. 

So when putting someone on top of a vehicle that’s basically a giant bomb with a nozzle that has to have millions of parts work properly in order to NOT fail, it’s generally considered a good idea to have a backup plan if things don’t go as planned.

Throughout most of human spaceflight, there’s been one method that has dominated abort systems, a solid rocket motor launch escape tower. This is the tower that sits on top of the crew module that you may have noticed on vehicles like Mercury, Soyuz, Apollo, and even NASA’s Orion capsule.

A few vehicles like Vostok, Gemini and early Space Shuttle’s had ejection seats as an escape system, and I’ve already done a video about that if you want to hear more about it, but regardless of whether it’s an ejection seat, a launch tower, or a more modern liquid pusher system, the concept is the same.

If the escape system detects either a loss of thrust, a severe deviation in the flight path, or even detects a rupture in the tanks, it’ll trigger the abort system. 

Early rockets had a trio of sensor wires running the length of the fuselage. If any two of them lost contact, it indicated the fuselage had broken up, which would trigger the abort system. The launch abort system can also be manually triggered by an astronaut who may notice a critical flaw that the system doesn’t detect.

Once an abort system is triggered, the stage separation system needs to let go of the spacecraft as the abort motors are fired, so it can pull it clean from the rocket. When the motors fire it accelerates the crew capsule away from the rocket extremely quickly! Abort motors can pull some serious Gs, like over 10 Gs for brief periods of time. 

Ok, so launch abort systems were pretty much considered the best way to keep a crew safe. But what if you just made your entire system safer? What if you made more redundant systems and over engineered the parts to even greater safety margins.

Space Shuttle Safety Margins

Designing a rocket to be as reliable as an airliner… that’s exactly what NASA was hoping to do when engineering the Space Shuttle. The thought being if every single part of the space shuttle was over engineered, the chance of loss of vehicle and crew would be very low. So low, it might actually be safer than adding additional moving parts and systems necessary to make an effective abort system.

During the Apollo era when NASA had what now seems like unlimited funding, they contracted General Electric to do a full numerical probabilistic risk assessment of landing a human on the moon and returning them safely to Earth. 

The number GE came up with was… 5. 5 percent. NASA administrator James Webb, didn’t like those numbers, and instead of making changes to the rocket, they changed the way they engineered around risk. Which let me point out, isn’t necessarily a bad thing. They developed something called Failure Modes and Effects Analysis which was a way to identify designs and hardware that would worst case scenario lead to catastrophe. 

These were ranked as Criticality 1, which would threaten the life of the crew or the existence of the vehicle, Criticality 2 which would threaten the mission or Criticality 3 for anything else. They also added R as a notation for redundant systems in these parts and design analyses.

With NASA’s budget beginning to dwindle once humans landed on the moon, and congressional support for the upcoming Shuttle Program waning, NASA had to sell the Space Shuttle as a cheap and reliable workhorse. And its exact risk even had to be calculated in order to launch plutonium-fueled spacecraft like the Jupiter Probe, Galileo.

Testing the reliability of a complex system involves studying the system as a whole, identifying potential fault points, and then gathering the limits on these potential fault points over different environmental conditionals. You also test them in statistical models and computer simulations, and iterating them to make sure that the computer simulations meet the real world performance in order to help determine if the probability of success is above the threshold required.

Each and every single part will have a design specification and a certain safety factor for how much more it can handle beyond its design specification. The general rule of thumb for most parts on a rocket is a factor of safety of 1.5.  This means if a part needs to handle 10 newtons of force, when testing it, it should be able to handle 15 newtons of force without it failing. But when there isn’t good test or heritage data of a part, a factor of safety of 2.0 is considered a good rule of thumb.

But by the start of the Shuttle program, estimates of catastrophic failures ranged from less than 1% to less than 0.001%… so a couple orders of magnitude in its estimated range of predicted safety.

Despite the optimistic nature of NASA, the first four flights of the Space Shuttle had ejection seats active, but were later ditched due to their very limited use cases and the fact that they could only eject crew on the upper deck since the rest of the crew was on the mid deck below them.

After the challenger disaster, NASA did consider utilizing an ejection cabin that could eject the entire crew module free from the shuttle like the F-111 and early B-1 prototypes, but it was deemed too complex, too heavy, and required too many modifications to really make it feasible. 

Ok. So in hindsight, we know the shuttle wound up with two failures out of 135 flights, one during launch and one during reentry, giving it a success rate of only 98.5%, which is WAY off from even the most conservative estimates of safety. 

Likely due to the Space Shuttle’s total track record, NASA changed their certification system for the Commercial Crew Program, which is required to have a probability of loss of crew at 1:500 on ascent, 1:500 on descent, with a 1:270 chance of an issue while in orbit. 

To actually certify and validate systems, sometimes it comes down to just putting it all through the wringer to test the system as a whole alongside testing each individual part. Testing the system as a whole is what NASA called during the Apollo Era, “All-up testing”.

All-up testing might actually be a quicker route to verify the system vs acquiring certification through more ground tests, analysis and using heritage data that might require a higher factor of safety per part if it’s not going to be tested as a whole. 

You can see this difference today with how SpaceX chose to validate and certify their abort system by opting to test it in flight while Boeing has opted to certify their abort system through a more stringent certification of individual parts.

Since the Space Shuttle and Starship both lack abort systems, what design considerations did the Space Shuttle have that were so dangerous… does Starship have those same flaws?

What made the Space Shuttle so dangerous

There’s a few things that made the space shuttle inherently kinda dangerous, but let’s start off with those solid rocket boosters. Those giant white solid rocket boosters on the side of the external fuel tank actually provided over 60% of thrust at liftoff. 

But once they ignited, there was NO shutting them down… you’re going somewhere, in a hurry. Hopefully the pointy end is up and the flamey end is down!

This meant any abort mode or abort procedure, no matter how bad or dire, required the crew “ride out” the boosters… seriously… So for an entire 127 seconds, if there was a problem, you just had to cross your fingers and toes that it wasn’t too serious to keep going… 

This is mostly because if you were to abort by either detaching the orbiter from the external fuel tank or by trying to jump out, you’d end up within the plume of those SRBs, which would certainly be lethal.

Obviously some problems you can’t just ride out, like on January 28th, 1986 when the Space Shuttle Challenger took to the sky on its 10th mission. A leaky O-ring that sealed one of the sections of the Solid Rocket Boosters sprung a leak which ended up causing separation of the joint that held the SRB to the external fuel tank, which then led to complete structural failure of the vehicle and tragic loss of the crew of 7.

But perhaps the biggest problem with the Challenger disaster wasn’t a hardware problem, but a problem with program management and pressure to get that flight off the ground. It was known that they would be launching outside of the predetermined operating envelope of the SRBs and it was recommended to not launch that day. 

Although utilizing liquid fueled rocket boosters would not eliminate all potential failures, and could arguably be less reliable than a solid booster, they can at least be shut down which in general can open up more abort options. 

Take a look at this chart. Notice the black sections. Yeahhhh… those are sections of ascent where there would be a full loss of control and/or structure failure if the vehicle were to lose 2 or 3 main engines… So basically… lose two of the three main engines and you’re screwed. And we’re not even talking about if there’s a problem with the SRBs.

But after Challenger, NASA came up with a lot more contingencies including alternate runways and the iconic orange Advanced Crew Escape Suits to… you know.. Escape if things went wrong. Literally… escape…

Yeah, see these grey sections of ascent? Now the plan was for the crew to literally jump out during those sections. As in, carefully ditch the external fuel tank, get the orbiter into a stable glide, literally unbuckle, blow the hatch, extend a freaking pole that made it so you wouldn’t hit the wing, and jump out… seriously.

Speaking of hitting the wing, that’s another major flaw of the space shuttle. The orbiter was hanging off the side of the vehicle, which put the crew module and fragile thermal protection system directly in the path of ice and foam strikes. 

The orange external fuel tank housed cryogenic hydrogen and oxygen which had a good amount of insulation in order to keep them at operating temperatures. You can actually see sheets of ice fall off basically any liquid fueled rocket at liftoff, it’s a known variable, and even large chunks of foam were observed falling off the Shuttle’s external fuel tank but NASA grew more and more accepting of this fact.

When you combine a large chunk of foam and the fragile nature of the thermal protection system on the space shuttle, you wind up with a real potential for disaster. And this is exactly what caused the Columbia failure. 

A large chunk of foam struck the leading edge of Columbia’s wing on the ascent, punching a large hole in the reinforced carbon-carbon section of the thermal protection of the left-wing. The shuttle and the 7 crew onboard continued to carry out their mission for 15 days with a hole that would doom their reentry.

On February 1, 2003, as Columbia reentered the Earth’s atmosphere, the large hole in the wing caused the hot plasma to essentially destroy the wing and therefore the orbiter, tragically ending the 7 crew’s lives on board. 

Besides the orbiter being slung off the side of the rocket and in harm’s way of falling debris, the danger was amplified by how fragile the Space Shuttle’s thermal protection system was. The Space Shuttle’s 24,000 plus silica tiles were literally glued onto the aluminum airframe of the orbiter and covered the entire bottom portion of the vehicle.

Their fragile nature caused not only many headaches, but also led to some close calls. Perhaps the most well noted was STS-27 which experienced a debris strike 85 seconds into the flight. This knocked a tile clean off, and damaged OVER 700 other tiles! Woah. In the absolute luckiest of circumstances, a tile that went missing was right on top of a steel mounting plate for the L-band antenna, which steel has a higher melting point than the aluminum airframe and by sheer luck, the orbiter survived reentry and didn’t end up a disaster like Columbia would some 15 years later.

How Starship Differs from the Space Shuttle

Ok. So now that we know some of the major design flaws that plagued the space shuttle, let’s go over Starship and how its design differs. Well, right off the bat, Starship is on top of the Super Heavy booster, and not slung off the side. As we’ve noted, this is clearly a safer place for the crew cabin to be, putting it ahead of any potential debris strikes. 

BUT, we should note something that will definitely need to be studied. Remember, Starship also has those large flaps that are vital to its reentry. This does mean there’d be potential for ice from the liquid oxygen and liquid methane tanks on the Starship upper stage to strike the leading edge of the flaps. 

Here’s where Stainless Steel and bolted on thermal protection plates has a huge advantage over the fragile silica tiles and reinforced carbon-carbon covering the aluminum airframe.

But we shouldn’t forget, the leading edge and underside of the flaps of Starship WILL still utilize a heat shield, but unlike the silica tiles of the shuttle, they’re supposedly much more durable and bolted to the airframe instead of glued.

We’ve already seen SpaceX test heat shield mounting and material options on Starhopper, putting them through extreme environments, vibrations, and temperatures. They’ve also experienced reentry when SpaceX put a few small pieces of Starship heat shield on a Dragon Capsule to observe its reentry.

Steel body panels and some variant of a TUFROC heat shield bolted to the airframe should be more resilient than the space shuttle, considering steel can dent and ding and won’t completely shatter like reinforced carbon-carbon or simply fall off like the silica tiles. But also, just like STS-27’s lucky brush with death, steel has a much higher melting point than aluminum.

This allows for much greater tolerance to heat than the aluminum airframe of the shuttle. As a matter of fact, it’s likely Starship could almost survive intact with little to no additional heat-shielding as other stainless steel components have survived reentry virtually intact. Although it probably wouldn’t look so pretty or be reusable if it did lack additional heat shielding.

This is one of the biggest reasons SpaceX switched to Stainless Steel over carbon fiber because, by the time you factor in how big of a heat shield is necessary, Stainless Steel starts to come ahead as it can handle much higher temperatures in general before it begins to fail.

Ok, so hopefully a stainless steel body and a more resilient bolted on thermal protection system along with putting Starship on the top of the rocket stack should all help mitigate the risk of a reentry disaster, like Columbia… 

So now what about putting this all on top of a rocket booster that will have at least 37 of the world’s most advanced and complicated engines, that is, of course, the full flow staged combustion cycle Raptor engine. How could this possibly be safer and have fewer failures than a simple pair of solid rocket boosters?

Engine Reliability

Now here’s where SpaceX has some good knowledge and experience. Their Falcon 9 does something fairly unusual in the rocket world, which is having 9 engines on the booster instead of one or two large ones. This actually allows multiple engines out capability. 

Now depending on which engines fail and at what point in the flight they fail, 9 engines give the Falcon 9 a lot of extra safety margin compared to other rockets. Each engine is isolated within a blast containment cell as part of the octoweb configuration.

This is why an engine can fail and have it not affect other engines. Mix this with modern sensors and quick-acting computers, and the rocket should be able to shut an engine down before a catastrophic failure even occurs.

SpaceX has developed its Merlin engine to the point of EXTREME reliability. In fact, only one Merlin has ever shut down in flight out of over 800 merlins being flown to date. Not to mention, that was very early on in the program, the fourth flight of a Falcon 9 for mission CRS-1 to be exact. And since then, the engine has had 100% reliability.

So in total, the Merlin engine to date has proven to be 99.88 % reliable, mix that with redundancy on the first stage, and you wind up with an incredibly reliable booster. Not to mention the fact that some of the Merlins on the first stage of the Falcon 9 have to fire up and extra 2 or 3 times per flight in order to land. 

No engine has ever failed mid reentry burn or landing burn and caused the rocket to not land. That’s not to say every landing has been perfect of course, but it’s never been the fault of a Merlin engine, well kind of, depending on if you consider a lack of starting fluid an engine failure or not.

But just for funsies, let’s actually take a look at some other rocket engines throughout history and see how reliable they have been. But just a little caveat, it gets incredibly difficult to just say “reliability” because there are so many factors, especially when you factor in relighting of engines or running out of TEA-TEB ignition fluid or something. But still, looking at these numbers should give us a decent perspective on how reliable liquid-fueled engines can actually be.

So again, SpaceX’s merlin is currently at 99.88% reliability in flight, which makes it slightly more reliable than the RS-25 space shuttle main engine which also only shut down once in flight, but with only 3 engines on 135 missions, it wound up with 99.75% reliability in flight. 

Then there’s the RD-180, which technically shut down 4 seconds early on one of its 86 flights to date, making it 98.83% reliable, although it’s also kind of 100% since that mission, OA-6, was able to continue on as and be a success, just barely… 

So we can say between 98.83% and 100% depending on how you define engine reliability. I mean, shutting down before intended is considered a failure of the engine, had that happen at any point before that, the mission would have failed. But I would consider it a successful mission for the Atlas V since the centaur upper stage could compensate for the failure.

But how about another Russian engine? The RD-107 and its brother the RD-108 that power the Soyuz rocket. Now, this rocket has flown SO MANY TIMES and for SO LONG in so many different forms, it’s definitely not fair to compare the early days of the Soyuz… Besides, the data is also really hard to find.

So let’s just look at the 267 flights in the 21st century which use an RD-107/RD-108, Of the 1,335 engines fired in this century, only ONE has failed, giving the RD-107/RD-108 a 99.92% in-flight reliability.

But one of the most reliable engines ever flown was actually the monster F-1 engine that powered the Saturn V. The 13 times the Saturn V flew, all 65 F-1 engines that powered those flights were 100% successful. 

Now before you hop in the comments section and say “but didn’t Apollo 13 have the center F-1 fail?”, no, that was a J-2 on the second stage! There seems to be a Mandela effect on F-1 reliability where everyone, including myself, tends to think an F-1 failed on the ascent.

So let’s assume since there’ll be so much data on the Raptor after they fly Starship a few times, that SpaceX can eventually match the reliability of the Merlin engine… With multi-engine out capability, the booster should be a very reliable first stage.

Assuming SpaceX does their due diligence to prevent an engine failure from affecting other engines nearby as they have with the Falcon 9, having dozens of engines can make for an incredibly robust vehicle. 

Ok, sure, dozens of engines on ascent could help make the booster safe and reliable. But what about the big elephant in the room? In order for humans to survive a ride on Starship, the Starship itself has to not only perform a pretty wacky landing maneuver, but it also relies on two out of three raptor engines working for the landing burn.

Is that safe? Can we actually rely on the propulsive landing for human lives? Well, let’s go ahead and actually take a look at the Falcon 9 again, as it’s one of only two vehicles in history to perform propulsive landings after reaching space, but remember, it isn’t reaching orbital velocity either, so we’re mostly just going to look at the engine aspect of its landing procedure, for now.

To date, SpaceX has landed 46 out of 54 landing attempts. That’s not great, but remember, before the first landing, it was literally considered impossible. If we look at just landing attempts starting in 2017 after it became less experimental and more routine… we get some pretty surprising numbers.

There’s been 45 attempts since 2017 and only three of those were failed landings. None of these 3 landing failures was due to a failure of a merlin engine itself, although again it gets complicated.

Going in order, on February 6, 2018, SpaceX launched the first Falcon Heavy on its demo mission and landed all but the center core of the Falcon Heavy. The center core ran out of TEA-TEB which is the pyrophoric starting fluid that ignites the engines. It sounds like there was an easy fix and it wasn’t actually that it would need more TEA-TEB, but just needed to switch which bottle it pulled the TEA-TEB from and at what time to solve the problem.

Then later that year, on December 5th, 2018, for the CRS-16 mission, a brand new Block 5 Falcon 9 core failed to land when the hydraulic system that controls the grid fins seized up. The solution was simply a bleed valve that would prevent that from happening again. The merlin engine performed fine and allowed the vehicle to touch down soft enough that it didn’t break apart and could be towed back into port.

Lastly, the latest Falcon Heavy launch on June 25th, 2019 for the STP-2 mission had a failed center core landing attempt as well. SpaceX didn’t expect the core to survive reentry due to extremely high velocities and pushing the vehicle to the limits. So far as we know, the engines themselves still performed fine but the thrust vector control on an engine was destroyed from the spicy reentry heat, making the vehicle lack precise control for landing. 

Since this was at the outer limits of what the booster is capable of, the solution is just to not push it that hard if you need to land. So if this were a Starship mission with people on board, they would’ve made sure there were healthy margins that are safely within the operational range of Starship and not even accept a mission where they push it to the limits in the first place.

So can we ever rely on propulsive landings for humans? Eventually, sure. As long as there are redundancies in place. Having three engines light and having engine out capability is a good place to start. 

But what about other systems in place? What about those giant wingy / flappy / fins things? What if the hydraulic system fails on those and they get stuck, like what happened on CRS-16? Well for this, we need to look no further than airliners and the Space Shuttle. 

Here’s where redundancy comes into play. Airliners would lose control and be unable to operate their landing gear as intended if the hydraulic systems failed. The same goes for the Space Shuttle. This is exactly why there are redundant generators, redundant pumps, redundant lines, basically, everything is redundant.

It’s actually not very wise to compare the CRS-16 failed hydraulic system and say, “See, what if that happens on Starship?” because a Falcon 9 booster landing isn’t mission-critical, let alone required for human safety, so they have intentionally lacked redundancy for simplicity.

But there is ONE big thing that isn’t redundant and can be catastrophic if it fails, and boy do I mean big… the fuel tank / fuselage. This is honestly my biggest area of concern. And to be frank, it’s the one thing SpaceX has had bad luck with over and over and over.

The first failure of a Falcon 9 was due to a helium-filled composite over-wrapped pressure vessel or COPV, that pressurizes the fuel and oxygen tanks, broke loose in the upper stage oxygen tank on June 28th, 2015 for the CRS-7 mission. This caused a rapid unscheduled disassembly and complete loss of the rocket and it’s the payload.

The next was the infamous AMOS-6 anomaly on September 1st, 2016. Again, an over-pressurization due to a failed helium tank in the upper stage caused a complete and total loss of the vehicle as it was being fueled up on the launchpad for a static fire.

Then we have the Crew Dragon anomaly on April 20th, 2019. This is when SpaceX was testing the launch abort system on the ground and had a frozen chunk of nitrogen tetroxide shoot through a titanium valve causing a rupture in the system and total loss of the vehicle.

And most recently, we actually saw a failure of the Starship MK-1 prototype on November 20th, 2019 when we saw it blow its top off from over-pressurization during a pressure test. Now, this I’ll give a bit of a pass to. This vehicle and that test were nowhere near future operating conditions. 

SpaceX was pushing this prototype much further than normal operating ranges AND these were the shotty welds of a very initial rough prototype and really doesn’t represent a future, more refined vehicle. But it sure does get a bit spooky when you think that if that was a fully fueled Starship, there would be no aborting from it.

Starship Abort Options

So I guess this leads us to the question of what options Starship has to abort? We’ve already gone over what design considerations make it avoid the same design flaws as the Space Shuttle, but it STILL is lacking an actual abort system… So can it abort at all?

Well, let’s first make sure we’re clear on the types of abort options. There’s a big difference between a pad abort, an inflight abort, aborting to orbit and aborting a mission in general.

A pad abort is the option to pull the spacecraft free from the rocket while still on the pad. This is actually a pretty dangerous time while the vehicle is fully fueled, full of highly pressurized explosive material. So can Starship do a pad abort? Yes-ish and no. If the problem is in the Starship upper stage itself, like a tank rupturing or something, the simple answer is no. But what if the problem is with the booster? 

If the booster suddenly ruptures, the upper-stage of Starship could perform an emergency quick start of the Raptor engines which COULD help prevent the Starship from just falling down onto a pile of what was a Super Heavy booster and now a flaming hellish landscape.

If all engines are fired, including its vacuum optimized engines, Starship would have just barely enough thrust to slowly get away from the pad and divert to a safe landing area. That is assuming a failed Super Heavy booster didn’t damage the Starship bad enough to make it unflyable. Don’t forget, you’re not trying to outrun the pressure wave, because, spoiler: unless you can go 0 to the speed of sound instantly, you can’t outrun it. So if you’re inside a pressure vessel, you should survive the initial blast.

You also might ask how could they fire vacuum optimized engines at sea level… well, according to Elon, they could have dual bell nozzle design and fix the nozzle to the hull wall which can stabilize it. And in general, yes, you can fire a standard vacuum nozzle at sea level in an emergency, but it’s likely to fail… but why not try if the other option is complete failure anyway.

So pad abort, kinda, maybe a little… well at least better than the Space Shuttle’s full lack of abort options on the pad. The same goes for an inflight abort. An in-flight abort is just what it sounds like, aborting while the rocket is flying. 

Again, assuming the upper stage isn’t the culprit of the problem, the Starship could theoretically pull away and perform whatever maneuver necessary to re-enter and land somewhere else or worst case scenario do a soft splashdown emergency landing. Again, it should have more options and opportunities here than the Space Shuttle did.

Once Starship has detached from Super Heavy, there really aren’t any abort options other than aborting to a safe reentry profile and then reentering if it can’t achieve orbit. But luckily, with the control surfaces on Starship, they could greatly alter their aerodynamic profile and dynamics for a handful of safe reentry options.

This is helpful compared to say a capsule that can’t change its shape and actually has areas in a launch profile that the engineers need to avoid. For instance, if a standard single-engine RL-10 Centaur upper stage was used on Boeing’s Starliner, there would be large portions of the profile where an abort would be deadly due to extreme reentry forces. 

Boeing and ULA, therefore, had to opt with a two-engine variant of the Centaur upper stage that could fly a safer profile which allows for a safe abort window throughout the entire ascent.

And of course, on reentry there really isn’t ever an abort option. Reentry just needs to work. Even if there was a mechanical abort option during reentry, it likely wouldn’t be very helpful. Now, of course, a passively stable capsule with an ablative heat shield has very little that could go wrong, but again, redundant hydraulics for control surfaces and a structure that can handle high temperatures in general should offer a decent buffer in reentry for Starship.

Do Abort Systems Actually Make a Rocket Safer?

Ok, we’re finally getting to the true meat of the question. Is it actually better to have an abort system on a rocket, period? To do that, let’s quickly go over all the aborts and all the accidents of human spaceflight and determine whether or not an abort system could’ve helped.

Looking at the history of orbital spaceflight there’s only been 18 deaths actually occurring during orbital spaceflight activities. The first being a parachute failure on the first Soyuz mission in 1967 killing cosmonaut Vladimir Komarov. An abort system would not have helped.

The next tragedy was Soyuz 11 in 1971 which decompression of the spacecraft actually led to the deaths of 3 cosmonauts. To this day, this is the only incident in which humans died in space, above the Karman line. An abort system would not have helped.

Next, we have the Space Shuttle Challenger disaster in 1986 which we’ve already talked about. A mechanical abort system would have likely saved the crew of 7.

Lastly, we have the Space Shuttle Columbia disaster in 2003 which again tragically killed the crew of 7. An abort system would likely not have helped. There’s a chance if an escape pod had its own heat shield and the like, it may have helped, but it’s unlikely aborting during reentry would be a very good option.

Now let’s look at the number of times a crewed orbital launch escape system has aborted. This number is very small. Today, an abort system actually armed for a flight has only been triggered 3 times. The first time an abort system was used was actually on an uncrewed test-flight of Soyuz for the Soyuz 7K-OK #1 mission in 1966. The launch was reset when a strap-on booster failed to ignite.

The crew went out to inspect the rocket when suddenly, 27 minutes after the scrub, the launch tower activated because its gyroscope noticed it was 8 degrees off-axis from where it thought it should be due to the Earth’s rotation. The firing of the abort system ended up lighting the third stage on fire, and then the rest of the rocket blew up on the pad killing one ground crew personnel. In this case, an abort system caused a failure.

The next time an abort system was fired, was the only time there’s been a pad abort with crew on board. On September 26, 1983, when the crew of Soyuz T-10-1 had to abort from their Soyuz rocket that had caught on fire while still on the launchpad. After safely aborting and landing 4 km downrange, the crew was bruised up and shaken when they were met by the recovery crew. They were given cigarettes and shots of vodka to relax… In this case, obviously, the launch abort system saved lives. 

Lastly, the abort system was triggered on another Soyuz mission MS-10 in 2018 when there was a problem at booster separation that caused a booster to rupture the core stage. This triggered the abort system, not the full tower which had just been jettisoned a few seconds prior, but a smaller abort system integrated onto the fairing covering the crew module. 

In this case, the abort system saved lives, but perhaps simply shutting down the engines and detaching from the booster would have been sufficient without a mechanical escape system active.

There are really only about two other flights which were aborted, the first was Soyuz 7K-T-39 in 1975, which aborted after the escape tower and fairing were jettisoned, so it performed an abort using only its built-in motor. An abort system obviously wouldn’t have helped as it had already been ditched.

Then there’s the only Space Shuttle to abort, STS-51-F in 1985. It performed an abort to orbit maneuver when one of the RS-25 main engines shut down. Again, an abort system wouldn’t have helped as it was unnecessary.

So in the grand scheme of things, to date, a mechanical abort system has only saved lives twice, may have prevented one tragedy and in one case caused a death. So out of the 320 orbital human flights to date, only three missions in total necessitated the use of an abort system, or less than 1% of crewed launches.

There were another 3 launches where an abort system wouldn’t have helped, and two that aborted without an escape system.

And if we look at the last 30 years of human spaceflight, from the ’90s on, only 1 launch out of 180 ish launches required a launch abort system actually be used, so only about half a percent of flights would see any benefit from a launch escape system at all.

How to Improve Rocket Safety Without an Abort System

Now before we answer the question are abort systems necessary, let’s just take a look at one more thing. How can we improve the safety of rockets overall so we don’t need an abort system at all?

I think the answer to this question is we need to fly more… a lot more. And we need to reuse systems over and over so we can see where things are weakest and where we can make the greatest improvements in safety. Let’s look at airliner safety. This is a chart showing how many KM of commercial airline travel happens PER accident over time. Unfortunately, this data only goes back to 1929 and doesn’t even show the early, wild wild west days of air travel. But in less than a century, the industry’s safety record improved by three orders of magnitude.

Now I really really wish we had data on the first three decades of human air flight, but unfortunately, the data is not available, but I wouldn’t be surprised if it didn’t look too far off from this chart. Now, this is actually the orbital launch success rate per year. Notice how quickly humans got into the upper 90 percentile. But then it stalled…

 

Let’s compare that to the airline industry during the same time frame… yeah, humans had pretty much nailed down how to fly by then, it isn’t until you zoom into the tens of thousands that you can actually even begin to decipher an improvement on flights to success rate because we’re well into chasing 9’s in reliability at this point.

And I think there’s a few reasons for this. First off, in total there haven’t even been 6,000 orbital launches EVER TOTAL yet. Compare that to the almost 4 billion passenger flights in 2019 ALONE and you realize just how rare spaceflight is still.

I’ll bet the first 6,000 flight attempts of airplanes had a similarly awful flight record… 6,000 flights were probably just achieved in a much much quicker timeframe and with a significantly lower barrier of entry.

I don’t think we’ll actually see a rapid improvement and anywhere near 99.99% reliability of rockets until we see them literally flying dozens of times a week and over and over so we can actually see what parts are failing first and make improvements to them.

The answer to what can we do to make rockets more reliable is simple. Fly them more often and fly reusable rockets over and over instead of throwing them away. Only then will we begin to get anywhere near airliner like reliability.

Are Launch Abort Systems Necessary for Human Spaceflight?

So it’s time we wrap this all up. Launch abort systems. Are they necessary? Do they actually make astronauts safer? Do we need them going forward? If so, will we always need them in the future? Remember when we looked at how many times a launch abort system would have saved the lives of crew and it’s a surprisingly small number? Well, I still think it’s a good idea for this generation of rockets.

I think NASA, SpaceX and Boeing are right to assume the Falcon 9 and Atlas V, as reliable of rockets as they are, still lack significant flight data to really be considered safe enough without a launch abort system.

But these systems still bring their own complications and problems with them. Remember how SpaceX’s Crew Dragon Capsule blew up when testing the abort system? Well, you’re basically taking more parts and a small rocket and attaching all these extra systems, that can also fail, directly to your crew module anyway.

Sure, a lot of work goes into making them safe, but you’re solving the problems of rockets by sticking more rockets on them. It’s like sticking a Cessna prop plane inside of a 747 in case the 747 fails you can fly away on the Cessna. You’re probably better off just making sure your maintenance is up to speed rather than go and buy a spare Cessna.

It’s also like how people ask all the time if the Super Draco Abort motors could be used as a backup to the parachutes if the parachutes fail, and the answer is, technically, yes of course. But by the time you certify that procedure, those systems, and make it safe and reliable, you probably would’ve been so much better off just making the parachutes more reliable and less prone to failure.

In the same way, would you rather engineer an abort system, put together all these procedures and envelopes and subsystems or focus on making the entire vehicle that much safer. At some point, you can actually arguably achieve a more reliable system overall if it has fewer parts. 

I think Elon Musk said it best the 2019 Starship update when he said “The best part is no part. The best process is no process, it weighs nothing, costs nothing, can’t go wrong. The best part is no part. The thing I’m most impressed with when I have design meetings at SpaceX is what did you un-design? Undesigning is the best thing. Just delete it, that’s the best thing.”

So I guess the question should be would I ride on a starship without an abort system? For now, the answer is no. I think we should see at least a few dozen flights without crew first, find the limits and boundaries, and only once we have Starships flying 10+ times reliably without failures, would I consider getting on one. But I’m also a chicken haha

I do however think it could be possible we see humans on Starships early on in the program, and if it’s NASA astronauts, I wouldn’t be surprised if they would require an abort system. Especially since SpaceX will likely load and go their fuel, just like they do the Falcon 9, meaning the crew will need to be on board as fuel flows.

In general, it’s more dangerous to be filling and pressurizing a vehicle than to have it sitting there stable and fully fueled. So unless SpaceX can change that procedure for Starship, I honestly can’t really imagine NASA wanting any of their astronauts on board without an abort system again any time soon.

You can’t fix the problems you don’t know are there. Just like how SpaceX was so surprised to discover problems with cryogenics and composite overwrapped pressure vessels, or the failure of a strut, or titanium valve exploding, sometimes you simply don’t discover a design flaw until it rears its ugly head.

So that’s why I think it’s vital we see these things fly, fly often, and fly over and over. Only then will I think there’s a proven reliability record that would make it a safe enough option to not have an abort system. 

What do you think? Would you ride a rocket that’s lacking an abort system? I’m honestly not sure I would until that exact vehicle has flown at least 10 times and it’s just not as big of a deal anymore… it still scares the crap out me of though!

If you want to help me continue to do what I do, please consider supporting by becoming a Patreon member! Patreon members gain access to our exclusive sub-Reddit, an exclusive Discord channel, they get bonus material AND exclusive live streams!

Sources

Orbital Rocket Success Sate – https://space.stackexchange.com/questions/8566/what-is-the-success-failure-ratio-of-space-bound-rockets

Aviation Success Rate – https://en.m.wikipedia.org/wiki/Aviation_accidents_and_incidents

Aviation Distances Traveled – https://www.darrinqualman.com/global-air-travel-climate-change/

Shuttle Subjective Engineering – https://spectrum.ieee.org/tech-history/heroic-failures/the-space-shuttle-a-case-of-subjective-engineering

Bail out Pole – http://youtu.be/dfVTX25hH-I

Soyuz Data – https://www.spacelaunchreport.com/soyuz.html

World Airlines Traffic and Capacity – https://www.airlines.org/dataset/world-airlines-traffic-and-capacity/

World Aviation Safety – https://aviation-safety.net/statistics/period/stats.php?cat=A1

All accidents from 1918 – 2018 – http://www.baaa-acro.com/crashes-statistics