Top-down vs. bottom-up risk assessment: Consistent, contradictory or complimentary?

Probabilistic risk assessment (PRA) of newly designed space systems is an intricate task due to the uniqueness of each mission´s objectives and architecture, and the corresponding lack of relevant data regarding the components and environments. Finding one good source of information is hard enough, but it is even more challenging when multiple, partially relevant sources of information are required or available for the task. Top-down approaches, which are based on analogous systems with well-documented performance records, are usually good at highlighting the challenges in a historical context but the results need to be adjusted when applied to a new design with no or little real flight history. On the other hand, while bottom-up approaches are good at capturing the risk of a system that is comprised of at least some components with demonstrated reliabilities and has a specific design, environment and operational concept, the method is heavily dependent on the analyst to define the failure modes and capture the failures caused by component interaction or by environment hazards such as micrometeoroid and orbital debris (MMOD). This difficulty challenges the completeness of a bottom-up model and makes it difficult to produce bounding risk estimates. In this study, the consistencies and contradictions between the risk estimates of top-down and bottom-up approaches are explored by using both methods to estimate the failure probability of major subsystems of two National Aeronautics and Space Administration (NASA) exploration missions. The comparison between the sources of information used by each approach reveals biases, the risk impact of design decisions, and the amount of uncertainty that exists in each analysis. The output of the two approaches is then aggregated using the Bayesian inference method, which provides a platform for designers to improve their design by asking what-if questions regarding hypothetical test scenarios, redundancy decisions, or diverse bac- up plans. This paper contains a summary of the comparison, highlights the differences in results between approaches, and describes the inference model implementation and insights.