Aiming at the security problems of Modbus TCP protocol, such as lack of authentication, data transmission in clear text and abuse of function codes, a secure industrial control communication protocol (Modbus-S protocol) based on the original Modbus TCP protocol is proposed. The digital signature technology is used to ensure the integrity and authentication of data. The symmetric encryption is used to ensure the confidentiality of data. The unidirectional principle of hash function is used to guarantee the uniqueness of data. Finally, the "white list" filtering mechanism is used to manage function codes based on roles to ensure the controllability of instructions. Experimental verification and analysis show that Modbus-S protocol can fully compensate for the design defects of Modbus TCP protocol. Compared with the existing methods, the method has higher security and can comprehensively improve the communication security of Modbus TCP protocol.