The Challenger Disaster: When Business Priorities Overruled Engineering
How management pressure and communication breakdowns led to one of history’s greatest tragedies, and what engineers and managers can learn from it.
In my previous post, I examined the delicate balance between business and engineering. One event in history that always comes to mind when thinking about this tension is the Space Shuttle Challenger Disaster in 1986. The Space Shuttle disintegrated just 73 seconds after launch, resulting in the loss of all seven crew members.
Perhaps I'm drawn to this example because I love space exploration and am fascinated that we had Space Shuttles three years before I was born in 1981. Given the technology available to engineers at that time, it's remarkable how they managed to make it happen.
The Challenger explosion shattered the fairy tale that space exploration had become safe and that someday everyone could venture into space (and I mean actually reaching orbit and staying there for days).
Let's examine this disaster step by step and see how it relates to the concept of business priorities trumping engineering concerns.
The early days
The space race was over, and with Apollo landing multiple times on the moon, the program was sidelined, partly due to its high costs. Meanwhile, NASA wanted to develop something revolutionary: a machine that could transport people from Earth to space and return safely in the same orbiter. They promised:
Reusable orbiters and boosters that could fly up to 100 missions each
Launch costs reduced to one-tenth of the Saturn-class rockets
The ability for scientists to effectively "commute" to orbit
As mentioned, this occurred after the space race, when the economic situation in the USA had changed, making government approval more challenging to obtain.
This situation led NASA to make overpromises, claiming they could perform 48 flights per year to deploy technology (like Hubble), satellites, and military payloads into space.
Not only that, but NASA promised all this at a price and timeline that proved impossible to maintain:
Initial budget: $5.5 billion (approximately $24 billion today)
Promised completion: 1978
With these assurances, President Nixon approved the STS "Space Transportation System" Program on January 5, 1972.
In reality, the first orbital launch of STS-1/Columbia occurred on April 12, 1981, three years after the promised launch date. Worse still, it cost $10.6 billion, representing almost a 100% budget overrun.
Furthermore, between 1981 and 1986, when the Challenger disaster occurred, NASA completed only 24 successful missions. This fell far short of the promised 48 flights per year, making the program very difficult to sustain.
The buildup before the disaster
Before the year of the disaster, two significant events occurred. First, public opinion shifted from overwhelmingly positive to still positive but clearly trending negative. See survey data below:
Harris/Gallup composite – "Is the Space Shuttle a good investment?"
Yes ≈ 71% (June 1981, two months after STS-1)
Yes ≈ 51% (October 1985, three months before Challenger)
This shift was significant because NASA is a government agency, and government priorities are directly connected to public opinion.
Second, frustration began mounting in Washington. Two years after the STS program started, Congress learned that the initial plans were overly optimistic and likely unfeasible. In 1982, NASA attempted to secure additional funding by concealing it within the Department of Defense budget; however, Congress discovered that the actual DoD figures were significantly lower than the reported ones.
In 1985, lawmakers challenged NASA's promise of cheap access to space and attempted to stop financial losses from shuttle launches for commercial or foreign users.
All of this pressured NASA to commit to increasing annual launches, as they knew the program would otherwise face closure or significant reduction.
Overall, we can see three major factors that contributed to the pressure cycle at NASA:
Budget ceilings – With waning public support and the Reagan Office of Management and Budget pushing deficit reduction, NASA had little hope of securing another significant funding increase. Adhering to the promised launch rate appeared to be the only path to achieving "cheaper per shot" operations.
Over-subscribed manifest – Department of Defense, commercial communication satellites, and science payloads were all queued for the same orbiters. Increasing from the nine flights of '85 to the advertised twice-monthly cadence became an existential goal.
Management culture – Government Accountability Office and congressional committees repeatedly warned NASA about cost growth; managers responded by accepting more technical risk to stay on schedule, a theme the Rogers Commission later highlighted in the Challenger report.
This provides insight into the pressure situation facing NASA management and helps explain the decisions they made that led to the disaster.
O-rings
Those who are familiar with the disaster are aware of the O-rings that led to the failure. To understand how crucial they are, we have to understand the structure of a Space Shuttle.
The first picture depicts the full space shuttle, including the orbiter, the rocket boosters (one on each side), and the external tank.
The rocket boosters were approximately 45.46 meters long. As you can imagine, each booster wasn't made from a single huge element, but from several segments connected. From the final report, I took some pictures to provide you with an understanding of the elements of a rocket booster.
When the Space Shuttle was propelled by the rocket boosters, creating roughly a combined 6 million pounds of thrust, the connections between the booster segments needed to hold. Even a tiny issue at these joints could result in a catastrophic event.
These connections between segments contained several elements, but particularly important were the O-rings that kept the 3,000-degree hot exhaust inside the steel boosters. They needed to be easily reusable, as the rocket booster segments were built and then shipped to NASA facilities. Remember, the Space Shuttle program was designed to have reusable components. Other types of seals might have been a better fit, but wouldn't have been reusable.
Initially, these O-rings were made of a different material that worked very well, but had to be discontinued due to the presence of chromates and asbestos. They switched to other O-rings around 1983, which contained no chromates or asbestos and still met the reusability requirements.
But they had one major flaw: when the temperature dropped, the material stiffened, reducing the flexibility needed to seal the joints between the different parts of the rocket boosters.
NASA thought they had a solution by using two O-rings, one primary and one backup, that should prevent any problems if the primary didn't seal properly.
The Critical Sequence of Events
Now you know the part that created the disaster, and you probably also understand that cold temperature was a critical issue. On January 22, 1986, Challenger was scheduled to launch; however, due to freezing weather and icy conditions in Florida, the launch was postponed until January 28. With a tight schedule demanding multiple flights per year and all eyes on Challenger, as it was the first flight carrying a civilian, American teacher Sharon Christa McAuliffe, the launch needed to happen.
On January 28, 1986, the air temperature at the launch pad was just 2 degrees Celsius, and even colder at the right-hand booster. They needed anti-icing measures to prepare the vehicle for launch conditions.
The problem was that even the backup O-ring, made of the same material as the primary one, couldn't function properly under these cold conditions. As the launch time was delayed due to anti-icing procedures and high winds, the two rocket boosters finally roared into the sky at 11:38 am.
During flight, there is naturally significant movement between the booster segments, and the O-rings are designed to accommodate this by flexing and sealing any gaps created by these forces. The problem was that due to the cold-induced stiffness, the O-rings couldn't respond quickly enough, allowing 3,000-degree, high-pressure combustion gases to escape. The disaster unfolded in a precise sequence:
Multiple "puffs" of smoke were recorded.
At 58.8 seconds, a steady flame appeared on the booster's flank, growing up to 0.6 meters long.
Between 60 and 64 seconds, the plume began to impinge on the External Tank, which contained fuel.
At approximately 64 seconds, the flame burned through the LH2 tank wall
Moments later, the LH2 tank ruptured, resulting in a catastrophic breakup
It was technically a breakup rather than an explosion, a pressurized vapor explosion, not a chemical explosion. The crew cabin, which had some additional protection, tore loose and was thrown into the Atlantic Ocean at approximately 207 miles per hour. It remains unclear exactly when each crew member died, but at the latest, death occurred upon impact with the Atlantic Ocean at that speed, which would have been instantaneous.
Warning Signs Ignored
How did NASA not foresee that issue with the O-rings? It was testable and should have been detected in previous launches at cold temperatures. In fact, it was. Although not all tests were completed, it was clear that the O-rings had issues, but the severity of the problem remained uncertain. Based on the previous 24 successful flights, NASA viewed it as an acceptable risk since it had never caused a serious problem.
On July 31, 1985, an engineer from the company manufacturing the rocket boosters specifically warned executives about issues with low temperatures and the potential for a "catastrophe of the highest order." On the night before launch, a pivotal meeting took place between NASA and Morton-Thiokol, the company responsible for the boosters. Engineers opposed the launch, presenting both their test results and a temperature-damage plot showing all previous O-ring issues correlated with temperature.
At that point, the Challenger launch was nearly postponed. However, a subsequent management-only call between NASA and Morton-Thiokol concluded that launching was safe.
What happened?
NASA officials argued the data was inconclusive, while Morton-Thiokol's management wasn't sufficiently definitive about the data. One representative suggested that the secondary O-ring would properly seal if the primary O-ring failed. This communication gap between Morton-Thiokol's engineers and management gave NASA exactly what they needed to proceed.
They were under immense pressure to maintain their launch schedule, and with all eyes on this particular mission because of the civilian on board, they needed the launch more than ever.
When examining the publicly available documents, it's clear that NASA reversed the normal safety principle; instead of proving the launch was safe, they required someone to prove it was unsafe.
Management won, and Challenger launched with the devastating results we know.
Lessons from Challenger: The Engineer-Management Divide
In my previous blog post, I discussed how engineers can better understand business decisions and support the business. The Challenger disaster is a stark example of when engineers aren't listened to at all. The pressure was so high that NASA created a self-inflicted wound with deadlines they felt compelled to meet.
As an engineer, you've probably concluded that "if management had listened to us, we wouldn't have this problem." However, not all decisions are as impactful as those in the Challenger story. Often, the consequences of a business decision gone wrong are much less severe. Such decisions can be taken even with high risks.
But I'm certain the engineers who worked on the rocket boosters would go back in time to make their case even more compelling, leaving no doubt that launching was unsafe.
The Trust Gap
What's striking in this story is that engineers gave a "no-go," but when management convened alone, it changed to a "go." This highlights the crucial point that management and engineers must share a bond of trust:
Engineers need to trust that management will make informed decisions, and ultimately, they'll take responsibility
Management must trust that engineers will diligently inform them of problems and their potential consequences
What is clear in the Challenger disaster is that the pressure to make the Space Shuttle program successful was too great. Communication had already deteriorated to the point where it was just a matter of time before something like this happened.
Moving Forward
So, as engineers, find people who will listen to you before business pressure mounts, not after. Build relationships, humans rely on trust, which isn't solely grounded in technical expertise.
For managers facing go/no-go decisions:
Consider the consequences and discuss the issue with multiple engineers, including those you might not typically consult
Be aware that standing in the way can bring extreme pressure, especially when business demands build up
Understand that not every situation is a Challenger. You can often take calculated risks, but document potential consequences.
Communicate frequently with your team.
And perhaps most importantly: understand that when risks materialize, people in many environments will likely blame you. This is probably one of the most challenging aspects of becoming a manager that nobody warns you about. You get no credit for success, but all the blame when things fail.