Aggreko designs and manufactures its own power generation, cooling, and energy storage equipment - generators, chillers, battery systems - then deploys them globally through a rental model. The company operates 60 locations worldwide and maintains 24/7 operational capability, supporting data centres, mines, manufacturing sites, municipal infrastructure, and large-scale events like the Olympics. Over 60 years of operational history means the infrastructure they manage runs critical systems that cannot fail.
The threat model is clear: Aggreko's distributed fleet of networked equipment spans jurisdictions, industries, and security postures. A generator control system compromised in one location becomes a vector for lateral movement across other sites. Rental equipment cycling through different customers and environments creates both visibility and containment challenges. Battery management systems and HVAC controls integrate with customer networks during deployment, then move to the next site. The company's own manufacturing operations - where firmware and control logic originate - are themselves potential supply-chain choke points.
Their technical stack includes embedded systems in power and thermal equipment, distributed SCADA-like monitoring across global locations, renewable integration platforms, and battery management systems. The renewable energy and cleaner-fuels investments expand the attack surface. Integration work with customer infrastructure means security decisions made in one domain (a mine site, a data centre) can create dependencies elsewhere.
Security work here requires understanding industrial equipment lifecycles, distributed asset management at scale, supply-chain implications of in-house manufacturing, and the operational reality that downtime on rental power infrastructure has immediate, visible consequences for customers running critical operations.
