Driving Down Risk in the Psyche Fault Protection Design Post Launch Slip

The Psyche Mission is a NASA Discovery-class Mission to explore (16) Psyche, a large metallic asteroid that orbits the sun between 2.5 and 3.3 au. The spacecraft bus is a repurposed earth-orbiting telecommunication satellite bus developed by Maxar, combined with Avionics and software developed by JPL. To ensure this earth-orbiting spacecraft bus can survive the lengthy journey into deep space, a robust fault protection function was designed, implemented, and tested. Originally scheduled for July 2022, the launch date was postponed to October 2023 due to delays during system-level testing of the spacecraft. By the time the launch slip was announced, the fault protection design was fully implemented in software, and the V&V program was nearly complete. Consequently, the team found themselves with an additional year of unplanned development time, which provided the unique opportunity to revisit parts of the fault protection design, implementation, and V&V strategy prior to launch, while incorporating lessons learned from the previous year of testing.This paper provides an overview of the efforts taken to drive down risk in the Psyche fault protection design after the launch slip. These efforts can be split into three categories: additional “deep dive” analyses targeting higher risk areas of the design, improvements to the design and implementation that resulted in software changes, and the development of a rich set of high-fidelity risk reduction test cases meant to validate the fault protection function. This paper discusses the motivating concerns that drove each of these efforts and explains how lessons learned were incorporated into the post-launch slip development work. It summarizes the analyses that were spawned and explains the methods that were used to constrain and complete each analysis. It captures the trades made when deciding which design changes and software bug fixes to implement, and describes the processes used to implement and verify those changes in an agile manner. Finally, the paper captures the brainstorming process for devising a set of risk reduction tests used to improve confidence in the fault protection design, and validate its performance over a wide range of scenarios.