Safety procedures at Virgin Galactic, whose spacecraft crashed on a test flight last week, included too few safeguards to prevent a potential catastrophe, one of the world's leading space safety experts has said.
Tommaso Sgobba, a former head of flight safety for the European Space Agency, told the FT that industry best practice called for operators to build in "two-failure tolerance", or sufficient safeguards to survive two separate, unrelated failures – two human errors, two mechanical errors or one of each.
Mr Sgobba, who approved all the European-supplied parts of the International Space Station, believes the systems of Virgin Galactic's SpaceShipTwo fell short of that standard.
According to investigators, SpaceShipTwo disintegrated after a pilot wrongly unlocked the "feathering" mechanism – which slows the craft during its descent – too early. The mechanism then activated even though the separate lever to deploy it was not pulled.
The crash killed Michael Alsbury, the flight's co-pilot, and seriously injured Peter Siebold, the pilot.
The feathering mechanism – which is vital to slow the aircraft but potentially deadly when it is accelerating – was typical of the safety systems that needed to withstand human errors and mechanical failures in space vehicles, analysts said.
The company, part of Sir Richard Branson's Virgin Group, has insisted it will press on with its test programme once a second aircraft currently under construction is ready.
Mr Sgobba said that SpaceShipTwo's systems, which in theory required two levers to be moved before the wings went into a "feathered" configuration, appeared to be designed to be "one-failure tolerant" – to stay safe in the event of a single pilot error or mechanical failure.
But the system had not worked that way. "What we see in the incident is what we call 'zero-failure tolerance'," Mr Sgobba said. "So you make the mistake – you have a catastrophe."
The design would not be acceptable in other safety-critical industries, such as aircraft manufacture, Mr Sgobba added.
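The distinction between "zero", "one" and "two-failure tolerance" can be checked mechanically by enumerating combinations of independent failures and asking whether any of them reaches the hazardous state. The Python model below is an added illustration, not Virgin Galactic's design or an NTSB finding; it encodes only the two-lever arrangement the article describes, and the failure labels and the rule that unlocking alone activates the feather in the "observed" case are assumptions.

```python
"""Failure-tolerance check for a two-lever feather interlock.

Illustrative model added here; it is not Virgin Galactic's design nor an
NTSB finding. It encodes only what the article states: a lock lever and a
separate deploy lever, with the feather hazardous while accelerating.
Failure names and the "observed" behaviour rule are assumptions.
"""
from itertools import combinations

# Independent single failures (assumed labels): two human, two mechanical.
FAILURES = (
    "pilot_unlocks_early",         # human: lock released during boost
    "pilot_pulls_deploy",          # human: deploy lever moved during boost
    "lock_breaks",                 # mechanical: lock no longer holds
    "actuator_moves_uncommanded",  # mechanical: feather moves uncommanded
)

def feather_deploys_during_boost(failures, as_designed=True):
    """True if the feather extends while the craft is still accelerating.

    as_designed=True: feather moves only when unlocked AND commanded.
    as_designed=False: the behaviour the article reports, where unlocking
    alone let the mechanism activate (assumed to happen whenever unlocked).
    """
    unlocked = {"pilot_unlocks_early", "lock_breaks"} & failures
    commanded = {"pilot_pulls_deploy", "actuator_moves_uncommanded"} & failures
    return bool(unlocked and commanded) if as_designed else bool(unlocked)

def minimal_cut_sets(hazard, failures=FAILURES):
    """Smallest failure combinations that trigger the hazard."""
    cuts = []
    for k in range(1, len(failures) + 1):
        for combo in combinations(failures, k):
            s = set(combo)
            if hazard(s) and not any(c <= s for c in cuts):
                cuts.append(s)
    return cuts

def failure_tolerance(hazard, failures=FAILURES):
    """Largest n such that every combination of n failures stays safe:
    0 = zero-failure tolerant, 1 = one-failure tolerant, 2 = best practice."""
    cuts = minimal_cut_sets(hazard, failures)
    return min(len(c) for c in cuts) - 1 if cuts else len(failures)

def design_tolerance():
    return failure_tolerance(lambda f: feather_deploys_during_boost(f, True))

def observed_tolerance():
    return failure_tolerance(lambda f: feather_deploys_during_boost(f, False))
```

Under this model the two-lever design scores 1 (one-failure tolerant) while the observed behaviour scores 0, matching the article's description; reaching 2 would require a third independent safeguard.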
Loren Thompson, an analyst at the Virginia-based Lexington Institute who consults for many large US aerospace companies, confirmed that safety-critical US businesses – including suppliers to Nasa, the space agency – required at least the "two-fault tolerance" that Mr Sgobba described.
He said it was a "significant concern" that some private space operators applied less stringent standards.
Virgin said the locking mechanism for the feathers represented two separate safeguards. There was a "procedural" safeguard, since the lock was meant to stay in place until after the most dangerous, early part of the flight, and a "mechanical" safeguard, in the form of the lock itself.
Mr Sgobba said procedural rules could be seen as a safeguard in some circumstances. But he added: "They are considered the least desirable. If they had designed the system according to well-established practice, they would not have had the need to rely on the least suitable control, which is a procedural control".
Virgin added that safety was its "North Star".
"It is the thing that can and must guide us as we strive to meet our goal of opening the space frontier," it said.
The National Transportation Safety Board, which is investigating Friday's crash, declined to comment immediately on the nature of the company's safety precautions.
But it said: "Clearly, what safety measures they had in place is something the investigation is going to be looking at."
The Federal Aviation Administration, which licenses most forms of aviation in the US, said its responsibility over commercial space operations was limited to setting rules to protect people and property on the ground.
"These regulations do not prescribe how operators should design their vehicles in order to achieve public safety," the FAA said.