If the CRL is not available for whatever reason, SIC will assume the certificates are still valid...at least for a period of time.
With site-to-site VPN using ICA certificates, if the management server is unavailable for more than 24 hours, the VPNs will start failing.
While I don't know for certain, I assume SIC will do something similar.
In any case, when the management server was brought back up with an older version of the ICA database, the certificates those gateways had were no longer considered valid, thus breaking SIC.
This seems like expected behavior.