Aiming at the problems of key leakage， single point of failure and high communication overhead in the central authentication scheme widely used in Industrial Control Systems （ICSs）， the Cryptography Fundamental Logics （CFL） authentication technology with domestic independent intellectual property right was introduced into the authentication and communication process of ICSs， and a CFL-based authentication and communication scheme for ICS was proposed. Firstly， between two communicating parties， the dynamic certificates with right， which were generated by the identity label and authority information of each other were exchanged and verified， so that the decentralized authentication of the identities of the two parties and the negotiation of the session key were realized. Secondly， the session key， CFL dynamic signature and access control rules were used to ensure the secure communication between the two parties. Finally， the detailed logs of control process were encrypted and stored to realize traceable process. Theoretical analysis and experimental results show that this scheme no longer needs the participation of remote authentication center in the authentication stage， and realizes the local and efficient authentication among industrial control equipments. The minimum system throughput improvement of the proposed scheme is 92.53% compared to the Public Key Infrastructure （PKI） scheme and 141.37% compared to the Identity-Based Encryption （IBE） scheme when facing a large number of authentication requests， which means that the proposed scheme can better meet the requirements of large-scale authentication and millisecond-level security communication in ICSs.